{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-24574", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2023-01-26T16:27:33.569Z", "datePublished": "2023-02-02T16:04:58.071Z", "dateUpdated": "2025-03-27T13:26:26.696Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Enterprise SONiC OS", "vendor": "Dell", "versions": [{"lessThanOrEqual": "3.5.3, 3.5.4, 4.0.0, 4.0.1, 4.0.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2023-02-01T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an \"Uncontrolled Resource Consumption vulnerability\" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users.</span>\n\n"}], "value": "\nDell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an \"Uncontrolled Resource Consumption vulnerability\" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2023-02-02T16:04:58.071Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000208165/dsa-2023-039-dell-emc-enterprise-sonic-security-update-for-an-uncontrolled-resource-consumption-vulnerability"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:03:19.230Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000208165/dsa-2023-039-dell-emc-enterprise-sonic-security-update-for-an-uncontrolled-resource-consumption-vulnerability"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-27T13:26:21.319725Z", "id": "CVE-2023-24574", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T13:26:26.696Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000208165/dsa-2023-039-dell-emc-enterprise-sonic-security-update-for-an-uncontrolled-resource-consumption-vulnerability", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:03:19.230Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-24574", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-27T13:26:21.319725Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T13:26:10.382Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "Enterprise SONiC OS", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.5.3, 3.5.4, 4.0.0, 4.0.1, 4.0.2"}], "defaultStatus": "unaffected"}], "datePublic": "2023-02-01T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000208165/dsa-2023-039-dell-emc-enterprise-sonic-security-update-for-an-uncontrolled-resource-consumption-vulnerability", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nDell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an \"Uncontrolled Resource Consumption vulnerability\" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an \"Uncontrolled Resource Consumption vulnerability\" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2023-02-02T16:04:58.071Z"}}}, "cveMetadata": {"cveId": "CVE-2023-24574", "state": "PUBLISHED", "dateUpdated": "2025-03-27T13:26:26.696Z", "dateReserved": "2023-01-26T16:27:33.569Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2023-02-02T16:04:58.071Z", "assignerShortName": "dell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:enterprise_sonic_distribution:*:*:*:*:*:*:*:*", "matchCriteriaId": "54F259E7-3DDA-4FCE-9210-96F9C4C07A2B", "versionEndExcluding": "4.0.3", "versionStartIncluding": "3.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nDell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an \"Uncontrolled Resource Consumption vulnerability\" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users.\n\n"}], "id": "CVE-2023-24574", "lastModified": "2024-11-21T07:48:09.343", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-02T21:22:49.950", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000208165/dsa-2023-039-dell-emc-enterprise-sonic-security-update-for-an-uncontrolled-resource-consumption-vulnerability"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000208165/dsa-2023-039-dell-emc-enterprise-sonic-security-update-for-an-uncontrolled-resource-consumption-vulnerability"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security_alert@emc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}