CVE-2024-21418: Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability

Overview

Severity: High (CVSS 7.8)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Category: Elevation of Privilege
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2024-Mar
Released: 2024-03-12
EPSS Score: 0.59% (percentile: 69.2%)

FAQ

What privileges could an attacker gain with successful exploitation?

An unprivileged attacker with read-only permissions can escalate to root in the Border Gateway Protocol container and perform specific actions that enable them to escape the container.

Affected Products (4)

Azure

  • Software for Open Networking in the Cloud (SONiC) 202205
  • Software for Open Networking in the Cloud (SONiC) 201911
  • Software for Open Networking in the Cloud (SONiC) 201811
  • Software for Open Networking in the Cloud (SONiC) 202012

Security Updates (1)

Acknowledgments

Sarah Mulnick

Revision History

  • 2024-03-12: Information published.