
Critical Security Update for Dell Enterprise SONiC Distribution: Addressing CVE-2024-45763, CVE-2024-45764, and CVE-2024-45765 Vulnerabilities

Executive Summary

On November 08, 2024, Dell Technologies issued a critical security update (DSA-2024-449) addressing multiple vulnerabilities in the Dell Enterprise SONiC Distribution. These vulnerabilities, specifically CVE-2024-45763, CVE-2024-45764, and CVE-2024-45765, present significant risks due to their potential for remote exploitation, allowing unauthorized access and control over affected systems. Organizations utilizing the Dell Enterprise SONiC Distribution are urged to prioritize the application of the updates to mitigate these risks effectively.

Technical Information

The vulnerabilities identified in the Dell Enterprise SONiC Distribution are categorized as follows:

CVE-2024-45763 is classified as an Improper Neutralization of Special Elements used in an OS Command (OS Command Injection). This vulnerability affects Dell Enterprise SONiC OS versions 4.1.x and 4.2.x. A high-privileged attacker with remote access could exploit this vulnerability to execute arbitrary commands on the system. The CVSS Base Score for this vulnerability is 9.1, indicating critical severity (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

CVE-2024-45764 involves a Missing Critical Step in Authentication, which allows unauthenticated attackers with remote access to bypass protection mechanisms. This vulnerability also affects versions 4.1.x and 4.2.x of the Dell Enterprise SONiC OS. The CVSS Base Score is 9.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

CVE-2024-45765 is another OS Command Injection vulnerability, similar to CVE-2024-45763, allowing high-privileged commands to be executed with lower privileges. The CVSS Base Score is again 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

These vulnerabilities pose a significant risk, as they can be exploited remotely, leading to unauthorized access and control over affected systems. Organizations should be aware of the potential for these vulnerabilities to be targeted in future attacks.

Exploitation in the Wild

As of November 08, 2024, there have been no publicly reported incidents specifically linking these vulnerabilities to active exploitation in the wild. The CVE Exploit in the Wild Finder tool returned no reports of exploitation for CVE-2024-45763, CVE-2024-45764, and CVE-2024-45765, indicating that while the vulnerabilities are critical, they have not yet been observed being actively exploited. However, the absence of reported exploitation does not diminish the urgency for organizations to apply the necessary updates.

APT Groups using this vulnerability

Currently, there are no specific reports linking any Advanced Persistent Threat (APT) groups to the exploitation of the vulnerabilities outlined in the Dell Enterprise SONiC Distribution advisory (DSA-2024-449). However, given the critical nature of the vulnerabilities, organizations should remain vigilant and monitor for any emerging threats. Continuous monitoring and threat intelligence are essential to detect any potential exploitation attempts.

Affected Product Versions

The following versions of the Dell Enterprise SONiC Distribution are affected by the identified vulnerabilities:

Versions prior to 4.1.6 should be updated to 4.1.6. Versions prior to 4.2.2 should be updated to 4.2.2. Organizations must ensure that they are running the latest versions to mitigate the risks associated with these vulnerabilities.
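One way to triage a switch inventory against the fixed releases named above, as an added example that is not part of the original post or of Dell's advisory. The hostnames and version-string formats in the sample inventory are constructed, and branches other than 4.1.x and 4.2.x are reported separately because this page does not state a fixed release for them.

```python
import re

# Fixed release per affected branch, as stated above: 4.1.x -> 4.1.6, 4.2.x -> 4.2.2.
FIXED = {(4, 1): (4, 1, 6), (4, 2): (4, 2, 2)}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

def triage(version_string):
    """Classify one version string as (status, upgrade target or None)."""
    match = VERSION_RE.search(version_string)
    if match is None:
        return "unparsed", None
    # Compare as integer tuples: as strings, "4.1.10" would sort before "4.1.6".
    version = tuple(int(part) for part in match.groups())
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Branch is not named on this page; check it against DSA-2024-449.
        return "branch-not-listed", None
    if version < fixed:
        return "affected", ".".join(map(str, fixed))
    return "fixed", None

# Constructed inventory: hostnames and version-string formats are hypothetical.
INVENTORY = {
    "leaf-01": "4.1.5",
    "leaf-02": "4.1.10",
    "spine-01": "SONiC.4.2.1-Enterprise_Base",
    "spine-02": "4.2.2",
    "edge-01": "4.0.5",
    "lab-01": "unknown",
}

def triage_inventory(inventory):
    """Map each host to its triage result."""
    return {host: triage(version) for host, version in inventory.items()}

if __name__ == "__main__":
    for host, result in triage_inventory(INVENTORY).items():
        print(host, *result)
```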

For detailed remediation steps, users can refer to the official advisory: DSA-2024-449 Security Update for Dell Enterprise SONiC Distribution Vulnerabilities.

Workaround and Mitigation

To mitigate the risks associated with these vulnerabilities, organizations should prioritize the following actions:

Immediately update affected systems to the latest versions of the Dell Enterprise SONiC Distribution. This includes upgrading to 4.1.6 or 4.2.2 as applicable.

Implement network segmentation to limit access to critical systems and reduce the attack surface.

Regularly review and update security policies and access controls to ensure that only authorized personnel have access to sensitive systems.

Monitor network traffic for unusual activity that may indicate attempts to exploit these vulnerabilities.

Conduct regular security assessments and penetration testing to identify and remediate potential vulnerabilities in the environment.

By taking these proactive measures, organizations can significantly reduce their risk exposure and enhance their overall security posture.

Organizations utilizing the Dell Enterprise SONiC Distribution should prioritize the application of these updates to safeguard their systems against potential exploitation.

Rescana is here for you

At Rescana, we are committed to helping our customers enhance their cybersecurity posture through our Continuous Threat and Exposure Management (CTEM) platform. Our solutions provide organizations with the tools and insights needed to identify, assess, and mitigate vulnerabilities effectively. Should you have any questions regarding this report or any other cybersecurity concerns, please do not hesitate to reach out to us at ops@rescana.com.
