Multiple vulnerabilities in Dell Enterprise SONiC Distribution

1) UNIX symbolic link following

EUVDB-ID: #VU45744

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-15861

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue in snmpd. A local user can bypass implemented security mechanism via *snmp-mibs-downloader package* and execute arbitrary commands on the system as root.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Enterprise SONiC: before 4.1.4

CPE2.3

• cpe:2.3:a:dell:enterprise_sonic:*:*:*:*:*:*:*:

External links

http://www.dell.com/support/kbdoc/nl-nl/000226058/dsa-2024-273-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Incorrect permission assignment for critical resource

EUVDB-ID: #VU45745

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-15862

CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to insecure permissions set by the Net-snmp installed on Debian-based systems. A remote user can overwrite files in net-snmp directory via EXTEND MIB and execute arbitrary code on the system with root privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Enterprise SONiC: before 4.1.4

CPE2.3

• cpe:2.3:a:dell:enterprise_sonic:*:*:*:*:*:*:*:

External links

http://www.dell.com/support/kbdoc/nl-nl/000226058/dsa-2024-273-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds write

EUVDB-ID: #VU65671

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24805

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when handling INDEX of NET-SNMP-VACM-MIB. A remote attacker can trick the victim into loading a specially crafted MIB collection, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Enterprise SONiC: before 4.1.4

CPE2.3

• cpe:2.3:a:dell:enterprise_sonic:*:*:*:*:*:*:*:

External links

http://www.dell.com/support/kbdoc/nl-nl/000226058/dsa-2024-273-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU65673

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24806

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when SETing malformed OIDs in master agent and subagent simultaneously. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Enterprise SONiC: before 4.1.4

CPE2.3

• cpe:2.3:a:dell:enterprise_sonic:*:*:*:*:*:*:*:

External links

http://www.dell.com/support/kbdoc/nl-nl/000226058/dsa-2024-273-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds write

EUVDB-ID: #VU65674

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24807

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to a boundary error in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable. A remote user can pass a malformed OID in a SET request, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Enterprise SONiC: before 4.1.4

CPE2.3

• cpe:2.3:a:dell:enterprise_sonic:*:*:*:*:*:*:*:

External links

http://www.dell.com/support/kbdoc/nl-nl/000226058/dsa-2024-273-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU65675

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24808

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in NET-SNMP-AGENT-MIB::nsLogTable when handling malformed OID in a SET request. A remote user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Enterprise SONiC: before 4.1.4

CPE2.3

• cpe:2.3:a:dell:enterprise_sonic:*:*:*:*:*:*:*:

External links

http://www.dell.com/support/kbdoc/nl-nl/000226058/dsa-2024-273-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) NULL pointer dereference

EUVDB-ID: #VU65672

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24809

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in nsVacmAccessTable  when handling malformed OID in GET-NEXT. A remote user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Enterprise SONiC: before 4.1.4

CPE2.3

• cpe:2.3:a:dell:enterprise_sonic:*:*:*:*:*:*:*:

External links

http://www.dell.com/support/kbdoc/nl-nl/000226058/dsa-2024-273-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU65676

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24810

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in nsVacmAccessTable when handling malformed OID in a SET request. A remote user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Enterprise SONiC: before 4.1.4

CPE2.3

• cpe:2.3:a:dell:enterprise_sonic:*:*:*:*:*:*:*:

External links

http://www.dell.com/support/kbdoc/nl-nl/000226058/dsa-2024-273-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU70878

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-44792

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the handle_ipDefaultTTL() function in agent/mibgroup/ip-mib/ip_scalars.c. A remote non-authenticated attacker can send specially crafted UDP to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Enterprise SONiC: before 4.1.4

CPE2.3

• cpe:2.3:a:dell:enterprise_sonic:*:*:*:*:*:*:*:

External links

http://www.dell.com/support/kbdoc/nl-nl/000226058/dsa-2024-273-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) NULL pointer dereference

EUVDB-ID: #VU70879

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-44793

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the handle_ipv6IpForwarding() function in agent/mibgroup/ip-mib/ip_scalars.c. A remote attacker can send specially crafted UDP packets to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Enterprise SONiC: before 4.1.4

CPE2.3

• cpe:2.3:a:dell:enterprise_sonic:*:*:*:*:*:*:*:

External links

http://www.dell.com/support/kbdoc/nl-nl/000226058/dsa-2024-273-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.