CVE-2023-24574
📋 TL;DR
This vulnerability in Dell Enterprise SONiC OS allows unauthenticated remote attackers to cause denial of service by exploiting an uncontrolled resource consumption flaw in the authentication component. Attackers can create permanent home directories for unauthenticated users, potentially exhausting system resources. Affected systems include Dell Enterprise SONiC OS versions 3.5.3, 4.0.0, 4.0.1, and 4.0.2.
💻 Affected Systems
- Dell Enterprise SONiC OS
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system resource exhaustion leading to denial of service, rendering the network device unavailable and disrupting network operations.
Likely Case
Degraded system performance due to resource consumption, potentially causing intermittent service disruptions and increased latency.
If Mitigated
Minimal impact with proper monitoring and resource limits in place, though vulnerability still exists.
🎯 Exploit Status
The vulnerability description suggests straightforward exploitation by creating directories, though specific exploit details aren't publicly documented.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 4.0.2 (check vendor advisory for specific patched versions)
Restart Required: Yes
Instructions:
1. Review Dell advisory DSA-2023-039. 2. Download and apply the appropriate patch for your SONiC version. 3. Reboot the device as required. 4. Verify the patch was successfully applied.
🔧 Temporary Workarounds
Network Access Control
allRestrict network access to SONiC management interfaces to trusted sources only
Resource Monitoring
linuxImplement monitoring for unusual disk space consumption or directory creation patterns
🧯 If You Can't Patch
- Implement strict network segmentation to isolate vulnerable SONiC devices from untrusted networks
- Deploy rate limiting and monitoring for authentication attempts and directory creation activities
🔍 How to Verify
Check if Vulnerable:
Check SONiC OS version using 'show version' command and compare against affected versions (3.5.3, 4.0.0, 4.0.1, 4.0.2)Check Version:
show versionVerify Fix Applied:
Verify SONiC OS version is updated to a patched version and check for any unusual directory creation in /home or similar directories📡 Detection & Monitoring
Log Indicators:
- Unusual authentication attempts, unexpected directory creation in home directories, system resource exhaustion alerts
Network Indicators:
- Multiple connection attempts to authentication services from single or distributed sources
SIEM Query:
source="sonic" AND (event_type="auth_failure" OR event_type="directory_create") | stats count by src_ip🔗 References
- https://www.dell.com/support/kbdoc/en-us/000208165/dsa-2023-039-dell-emc-enterprise-sonic-security-update-for-an-uncontrolled-resource-consumption-vulnerability
- https://www.dell.com/support/kbdoc/en-us/000208165/dsa-2023-039-dell-emc-enterprise-sonic-security-update-for-an-uncontrolled-resource-consumption-vulnerability
