CVE-2022-34425

HIGH

Dell Enterprise SONiC OS <4.0.2 - Info Disclosure

Title source: llm

Description

Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.

References (1)

Core 1

Core References

Vendor Advisory

https://www.dell.com/support/kbdoc/en-us/000203395/dsa-2022-257-dell-emc-enterprise-sonic-security-update-for-ssh-cryptographic-key-vulnerability

Scores

CVSS v3 7.5

EPSS 0.0074

EPSS Percentile 49.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-321 CWE-798

Status published

Products (2)

dell/enterprise_sonic_distribution 4.0.0

dell/enterprise_sonic_distribution 4.0.1

Published Oct 10, 2022

Tracked Since Feb 18, 2026