Description
Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the stored TACACS/RADIUS credentials to read sensitive information and use it in further attacks.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.dell.com/support/kbdoc/en-us/000191690/DSA-2021-190-Dell-Enterprise-SONiC-OS-Security-Update-for-an-information-disclosure-Vulnerability
Scores
CVSS v3
7.1
EPSS
0.0062
EPSS Percentile
45.0%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
CWE-256
Status
published
Products (1)
dell/enterprise_sonic_os
< 3.3.0
Published
Oct 01, 2021
Tracked Since
Feb 18, 2026