CVE-2022-34425 - OpenCVE

Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Dell	Enterprise Sonic Distribution

Configuration 1 [-]

OR	cpe:2.3:o:dell:enterprise_sonic_distribution:4.0.0:::::::*
	cpe:2.3:o:dell:enterprise_sonic_distribution:4.0.1:::::::*

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000203395/dsa-2022-257-dell-emc-enterprise-sonic-security-update-for-ssh-cryptographic-key-vulnerability	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: dell

Published: 2022-09-15T00:00:00

Updated: 2022-10-10T00:00:00

Reserved: 2022-06-23T00:00:00

Link: CVE-2022-34425

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-10-10T21:15:11.143

Modified: 2022-10-13T15:49:49.323

Link: CVE-2022-34425

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:enterprise_sonic_distribution:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1CA58D1-CC58-4ACF-85D5-2C76FB9F2E5C", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:enterprise_sonic_distribution:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "71081224-8B0E-425C-A3F4-7AAE45938F5E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication."}, {"lang": "es", "value": "Dell Enterprise SONiC OS, versiones 4.0.0, 4.0.1, contienen una vulnerabilidad de clave criptogr\u00e1fica en SSH. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad, conllevando a un acceso no autorizado a la comunicaci\u00f3n"}], "id": "CVE-2022-34425", "lastModified": "2022-10-13T15:49:49.323", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2022-10-10T21:15:11.143", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000203395/dsa-2022-257-dell-emc-enterprise-sonic-security-update-for-ssh-cryptographic-key-vulnerability"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-321"}], "source": "security_alert@emc.com", "type": "Secondary"}]}