PT-2024-8974 · Dell · Dell Enterprise SONiC OS · N3K · Published 2024-09-06 · Updated 2024-11-13 · CVE-2024-45763

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Dell Enterprise SONiC OS versions 4.1.x through 4.2.x
Description: Dell Enterprise SONiC OS versions 4.1.x through 4.2.x contain an improper neutralization of special elements used in an OS command (OS command injection, CWE-78). A high-privileged attacker with remote access to the device can exploit it to execute arbitrary commands. The CVSS vector qualifies this: PR:H means exploitation requires an already authenticated, high-privileged account, so the flaw lies in how that account's input is turned into an OS command, not in the authentication process; S:C means the impact reaches beyond the vulnerable management component into the underlying system, which is why confidentiality, integrity and availability are all rated High and the issue is Critical despite the privilege requirement.
Recommendations: Upgrade Dell Enterprise SONiC OS 4.1.x and 4.2.x installations to a release in which Dell has fixed CVE-2024-45763, as listed in Dell's security advisory, at the earliest opportunity. Until the upgrade is applied, reduce exposure along the two dimensions the vector identifies: restrict reachability of the management interfaces (CLI and management API) to trusted administrative networks, and limit the number of high-privileged accounts, since exploitation requires one; give each such account individual credentials and review its command and API activity in the audit logs for anything unexpected.
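The weakness class above (CWE-78) is easiest to see as code. The following is an added example written for this page, not Dell's code and not the vulnerable SONiC component, which the advisory does not identify; a hypothetical "ping a target from the management plane" helper stands in for it, the `tool` parameter is an assumption that lets the reader substitute `echo` for `ping` to observe the behaviour offline, and all inputs are constructed. It shows the vulnerable shell-string pattern, the partial fix (no shell, so metacharacters are inert but option injection remains), and the hardened form (allow-list validation plus no shell).

```python
"""Illustrative OS command injection (CWE-78) next to its hardened form.

Added example, not Dell's code: the advisory does not identify the vulnerable
SONiC component, so a hypothetical 'ping from the management plane' helper
stands in for it. `tool` defaults to ping but can be swapped for `echo` to
observe the behaviour without network access.
"""
import ipaddress
import re
import subprocess
from typing import List, Optional

PING: List[str] = ["ping", "-c", "1"]

# RFC 1123 host name: labels of alphanumerics and '-', not starting with '-'.
# Requiring an alphanumeric first character also blocks argument injection
# (a "target" such as "-f" that the tool would parse as an option).
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def validate_target(target: str) -> str:
    """Return a canonical IP address or a syntactically valid host name.

    Anything else (shell metacharacters, whitespace, leading '-') raises
    ValueError, so the caller never hands it to a process.
    """
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if _HOSTNAME_RE.match(target):
        return target
    raise ValueError(f"invalid ping target: {target!r}")


def ping_vulnerable(target: str, tool: Optional[List[str]] = None) -> str:
    """VULNERABLE: the operator-supplied target is spliced into a shell string.

    With shell=True, /bin/sh parses ';', '|', '&&', '$(...)' and backticks in
    `target`, so "10.0.0.1; id" runs `id` with the service's privileges.
    """
    cmdline = " ".join(tool or PING) + " " + target
    result = subprocess.run(cmdline, shell=True, capture_output=True, text=True)
    return result.stdout


def ping_argv_only(target: str, tool: Optional[List[str]] = None) -> str:
    """Partial fix: no shell, so `target` reaches the tool as one literal argv.

    Shell metacharacters are inert here, but a target such as "-f" is still
    interpreted by the tool itself as an option (argument injection).
    """
    argv = list(tool or PING) + [target]
    result = subprocess.run(argv, shell=False, capture_output=True, text=True)
    return result.stdout


def ping_hardened(target: str, tool: Optional[List[str]] = None) -> str:
    """Hardened: validate against an allow-list of shapes, then exec without a shell."""
    argv = list(tool or PING) + [validate_target(target)]
    result = subprocess.run(argv, shell=False, capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    # Constructed input: a benign payload that reveals whether a second
    # command ran. `echo` stands in for ping so this runs offline.
    payload = "10.0.0.1; echo INJECTED"
    print("vulnerable:", repr(ping_vulnerable(payload, tool=["echo"])))
    print("argv only: ", repr(ping_argv_only(payload, tool=["echo"])))
    try:
        ping_hardened(payload, tool=["echo"])
    except ValueError as exc:
        print("hardened:   rejected ->", exc)
```

The ordering of the two defences matters: dropping the shell removes the metacharacter problem entirely, and validation then closes the remaining gap (option injection and anything the wrapped tool itself might misinterpret). Quoting the input with `shlex.quote` and keeping `shell=True` is a weaker substitute, because it relies on the quoting being applied on every path that builds the string.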

Fix

Upgrade to a release of Dell Enterprise SONiC OS in which CVE-2024-45763 is fixed (see Recommendations above).

Weakness Enumeration

CWE-78: OS Command Injection

Related Identifiers

BDU:2024-10656
CVE-2024-45763

Affected Products

Dell Enterprise SONiC OS