CVE-2021-36309

Summary

Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks.

Affected Software

VendorProductVersion RangeStatus
DellEnterprise SONiC OSunspecified < 3.4.0affected

Weaknesses

  • CWE-256: CWE-256: Unprotected Storage of Credentials

ADP Enrichment

CVE Program Container

Additional References

References