Security updates: Dell Enterprise SONiC vulnerable to multiple attacks

Three"critical" security vulnerabilities jeopardize networks in which admins use Dell Enterprise SONiC. Attackers can bypass the login and execute their own commands. Due to the classification of the vulnerabilities, a complete compromise of systems can be assumed after a successful attack.

Three software vulnerabilities

Dell's operating system Software for Open Networking in the Cloud (SONiC) is used by network admins to manage and administer switches, among other things. The software is used for configuration and monitoring. The network supplier has now listed three vulnerabilities (CVE-2024-45763"critical", CVE-2024-45764"critical", CVE-2024-45765"critical") in an article and published security updates. Dell is not currently warning of ongoing attacks, but advises admins to update quickly in order to protect networks.

If attackers successfully exploit the gaps, they can bypass authentication. To do this, however, they must be able to access vulnerable instances remotely. Because certain inputs are not sufficiently sanitized, attackers with high user rights and access to Enterprise SONiC can execute their own commands. It is currently not known in detail how such attacks could take place. It also remains unclear how admins can detect attacks that have already taken place.

Patch now!

To prepare systems against possible attacks, admins must install Dell Enterprise SONiC Distribution 4.1.6 or 4.2.2. All previous editions are said to be under threat. There is currently no interim solution to temporarily protect systems, so admins must install the patches quickly. Security researchers from QI-ANXIN have discovered two of the vulnerabilities and reported them to Dell.

Last week, Dell provided its PowerProtect DD backup appliance with security updates.

(des)