PT-2021-21211 · Dell · Dell Enterprise Sonic Os

Published: 2021-10-01 · Updated: 2022-10-25 · CVE-2021-36309

CVSS v3.1: 7.1 (High)

Vector: AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dell Enterprise SONiC OS versions 3.3.0 and earlier

Description

An authenticated malicious user with access to the system can use the stored TACACS/Radius credentials to read sensitive information and potentially use it in further attacks.

Recommendations

For versions 3.3.0 and earlier, consider restricting access to the TACACS/Radius credentials to minimize the risk of exploitation. As a temporary workaround, limit the privileges of authenticated users to reduce the potential impact of sensitive information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

CVE-2021-36309

Affected Products

Dell Enterprise Sonic Os