PT-2022-5021 · Dell · Dell Enterprise Sonic Os

Published: 2022-10-10 · Updated: 2022-10-13 · CVE-2022-34425

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Dell Enterprise SONiC OS versions 4.0.0 through 4.0.1

Description

The issue is a cryptographic key vulnerability in SSH caused by the use of a hardcoded cryptographic key. An unauthenticated remote attacker could potentially exploit it to gain unauthorized access to communication and disclose protected information.

Recommendations

For versions 4.0.0 and 4.0.1, consider disabling SSH access until a patch is available to prevent potential exploitation. As a temporary workaround, restrict access to SSH to minimize the risk of unauthorized access to communication.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2022-06234
CVE-2022-34425

Affected Products

Dell Enterprise Sonic Os