ID
VAR-202210-0419
CVE
CVE-2022-34425
TITLE
Dell's Dell Enterprise SONiC Distribution Vulnerability in using hard-coded credentials in
Trust: 0.8
sources:
JVNDB: JVNDB-2022-018859
DESCRIPTION
Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication
Trust: 1.71
sources:
NVD: CVE-2022-34425 //
JVNDB: JVNDB-2022-018859 //
VULHUB: VHN-426741
AFFECTED PRODUCTS
| vendor: | dell | model: | enterprise sonic distribution | scope: | eq | version: | 4.0.1 | Trust: 1.0 |
| vendor: | dell | model: | enterprise sonic distribution | scope: | eq | version: | 4.0.0 | Trust: 1.0 |
| vendor: | デル | model: | dell enterprise sonic distribution | scope: | eq | version: | 4.0.1 | Trust: 0.8 |
| vendor: | デル | model: | dell enterprise sonic distribution | scope: | eq | version: | 4.0.0 | Trust: 0.8 |
| vendor: | デル | model: | dell enterprise sonic distribution | scope: | - | version: | - | Trust: 0.8 |
| vendor: | デル | model: | dell enterprise sonic distribution | scope: | eq | version: | - | Trust: 0.8 |
sources:
JVNDB: JVNDB-2022-018859 //
NVD: CVE-2022-34425
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
JVNDB: JVNDB-2022-018859 //
CNNVD: CNNVD-202210-384 //
NVD: CVE-2022-34425 //
NVD: CVE-2022-34425
PROBLEMTYPE DATA
| problemtype: | CWE-798 | Trust: 1.1 |
| problemtype: | CWE-321 | Trust: 1.0 |
| problemtype: | Use hard-coded credentials (CWE-798) [NVD evaluation ] | Trust: 0.8 |
sources:
VULHUB: VHN-426741 //
JVNDB: JVNDB-2022-018859 //
NVD: CVE-2022-34425
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202210-384
TYPE
trust management problem
Trust: 0.6
sources:
CNNVD: CNNVD-202210-384
PATCH
| title: | Dell Enterprise SONiC OS Repair measures for trust management problem vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=210520 | Trust: 0.6 |
sources:
CNNVD: CNNVD-202210-384
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-34425 | Trust: 3.3 |
| db: | JVNDB | id: | JVNDB-2022-018859 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202210-384 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2022-68276 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-426741 | Trust: 0.1 |
sources:
VULHUB: VHN-426741 //
JVNDB: JVNDB-2022-018859 //
CNNVD: CNNVD-202210-384 //
NVD: CVE-2022-34425
REFERENCES
| url: | https://www.dell.com/support/kbdoc/en-us/000203395/dsa-2022-257-dell-emc-enterprise-sonic-security-update-for-ssh-cryptographic-key-vulnerability | Trust: 2.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-34425 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2022-34425/ | Trust: 0.6 |
sources:
VULHUB: VHN-426741 //
JVNDB: JVNDB-2022-018859 //
CNNVD: CNNVD-202210-384 //
NVD: CVE-2022-34425
SOURCES
| db: | VULHUB | id: | VHN-426741 |
| db: | JVNDB | id: | JVNDB-2022-018859 |
| db: | CNNVD | id: | CNNVD-202210-384 |
| db: | NVD | id: | CVE-2022-34425 |
LAST UPDATE DATE
2024-08-14T15:11:14.388000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-426741 | date: | 2022-10-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-018859 | date: | 2023-10-23T08:13:00 |
| db: | CNNVD | id: | CNNVD-202210-384 | date: | 2022-10-14T00:00:00 |
| db: | NVD | id: | CVE-2022-34425 | date: | 2022-10-13T15:49:49.323 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-426741 | date: | 2022-10-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-018859 | date: | 2023-10-23T00:00:00 |
| db: | CNNVD | id: | CNNVD-202210-384 | date: | 2022-10-10T00:00:00 |
| db: | NVD | id: | CVE-2022-34425 | date: | 2022-10-10T21:15:11.143 |