Details of VAR-202302-0270

ID

VAR-202302-0270

CVE

CVE-2023-24574

TITLE

Dell Enterprise SONiC OS Resource exhaustion vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-003237

DESCRIPTION

Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users

Trust: 1.8

sources: NVD: CVE-2023-24574 // JVNDB: JVNDB-2023-003237 // VULHUB: VHN-453288 // VULMON: CVE-2023-24574

AFFECTED PRODUCTS

vendor:	dell	model:	enterprise sonic distribution	scope:	gte	version:	3.5.3	Trust: 1.0
vendor:	dell	model:	enterprise sonic distribution	scope:	lt	version:	4.0.3	Trust: 1.0
vendor:	デル	model:	dell enterprise sonic distribution	scope:	eq	version:	4.0.1	Trust: 0.8
vendor:	デル	model:	dell enterprise sonic distribution	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	dell enterprise sonic distribution	scope:	eq	version:	4.0.0	Trust: 0.8
vendor:	デル	model:	dell enterprise sonic distribution	scope:	eq	version:	3.5.3	Trust: 0.8
vendor:	デル	model:	dell enterprise sonic distribution	scope:	eq	version:	4.0.2	Trust: 0.8

sources: JVNDB: JVNDB-2023-003237 // NVD: CVE-2023-24574

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-24574
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2023-24574
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-003237
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-170
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2023-24574
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2023-003237
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-003237 // CNNVD: CNNVD-202302-170 // NVD: CVE-2023-24574 // NVD: CVE-2023-24574

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	Resource exhaustion (CWE-400) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-453288 // JVNDB: JVNDB-2023-003237 // NVD: CVE-2023-24574

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-170

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202302-170

PATCH

title:	DSA-2023-039	url:	https://www.dell.com/support/kbdoc/en-us/000208165/dsa-2023-039-dell-emc-enterprise-sonic-security-update-for-an-uncontrolled-resource-consumption-vulnerability	Trust: 0.8
title:	Dell Enterprise SONiC OS Remediation of resource management error vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=223652	Trust: 0.6

sources: JVNDB: JVNDB-2023-003237 // CNNVD: CNNVD-202302-170

EXTERNAL IDS

db:	NVD	id:	CVE-2023-24574	Trust: 3.4
db:	JVNDB	id:	JVNDB-2023-003237	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-170	Trust: 0.6
db:	VULHUB	id:	VHN-453288	Trust: 0.1
db:	VULMON	id:	CVE-2023-24574	Trust: 0.1

sources: VULHUB: VHN-453288 // VULMON: CVE-2023-24574 // JVNDB: JVNDB-2023-003237 // CNNVD: CNNVD-202302-170 // NVD: CVE-2023-24574

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000208165/dsa-2023-039-dell-emc-enterprise-sonic-security-update-for-an-uncontrolled-resource-consumption-vulnerability	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-24574	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2023-24574/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-453288 // VULMON: CVE-2023-24574 // JVNDB: JVNDB-2023-003237 // CNNVD: CNNVD-202302-170 // NVD: CVE-2023-24574

SOURCES

db:	VULHUB	id:	VHN-453288
db:	VULMON	id:	CVE-2023-24574
db:	JVNDB	id:	JVNDB-2023-003237
db:	CNNVD	id:	CNNVD-202302-170
db:	NVD	id:	CVE-2023-24574

LAST UPDATE DATE

2024-08-14T14:02:07.186000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-453288	date:	2023-02-10T00:00:00
db:	VULMON	id:	CVE-2023-24574	date:	2023-02-03T00:00:00
db:	JVNDB	id:	JVNDB-2023-003237	date:	2023-09-05T05:24:00
db:	CNNVD	id:	CNNVD-202302-170	date:	2023-02-13T00:00:00
db:	NVD	id:	CVE-2023-24574	date:	2023-11-07T04:08:33.250

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-453288	date:	2023-02-02T00:00:00
db:	VULMON	id:	CVE-2023-24574	date:	2023-02-02T00:00:00
db:	JVNDB	id:	JVNDB-2023-003237	date:	2023-09-05T00:00:00
db:	CNNVD	id:	CNNVD-202302-170	date:	2023-02-02T00:00:00
db:	NVD	id:	CVE-2023-24574	date:	2023-02-02T21:22:49.950