CVE-2021-42324

Name of the Vulnerable Software and Affected Versions DCN S4600-10P-SI devices before R0241.0470

Description An issue was discovered due to improper parameter validation in the console interface, allowing a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell metacharacters in the capture command parameters. Command output will be shown on the Serial interface of the device. Exploitation requires both credentials and physical access.

Recommendations For DCN S4600-10P-SI devices before R0241.0470, update to version R0241.0470 or later to resolve the issue. As a temporary workaround, consider restricting access to the console interface and limiting the use of the capture command to minimize the risk of exploitation.