Headline
CVE-2022-34425: DSA-2022-257: Dell Enterprise SONiC Security Update for SSH Cryptographic Key Vulnerability.
Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.
Vaikutus
High
Tiedot
Proprietary Code CVE
Description
CVSS Base Score
CVSS Vector String
CVE-2022-344225
Dell Enterprise SONiC operating system 4.0.0 and 4.0.1 contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker may potentially exploit this vulnerability, leading to unauthorized access to communication.
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Proprietary Code CVE
Description
CVSS Base Score
CVSS Vector String
CVE-2022-344225
Dell Enterprise SONiC operating system 4.0.0 and 4.0.1 contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker may potentially exploit this vulnerability, leading to unauthorized access to communication.
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.
Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen
Product
Affected Versions
Updated Version
Link to Update
Dell Enterprise SONiC Distribution
Versions 4.0.0 and 4.0.1
4.0.2
Link to update
Product
Affected Versions
Updated Version
Link to Update
Dell Enterprise SONiC Distribution
Versions 4.0.0 and 4.0.1
4.0.2
Link to update
Keinoja ongelman kiertämiseen tai lieventämiseen
Delete installed SSH keys and restart SSHD service.
Versiohistoria
Revision
Date
Description
1.0
2022-09-15
Initial Release
Asiaan liittyvät tiedot
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
15 syysk. 2022