CVE-2023-24574

Name of the Vulnerable Software and Affected Versions Dell Enterprise SONiC OS versions 3.5.3, 4.0.0, 4.0.1, 4.0.2

Description The issue is related to an uncontrolled resource consumption vulnerability in the authentication component. This could allow an unauthenticated remote attacker to exploit the vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users.

Recommendations For versions 3.5.3, 4.0.0, 4.0.1, 4.0.2, consider disabling the authentication component temporarily until a patch is available to prevent uncontrolled resource consumption. Restrict access to the authentication module to minimize the risk of exploitation. Avoid allowing unauthenticated users to create permanent home directories until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.