{"cve":{"cve_id":"CVE-2023-24574","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.0089,"epss_percentile":0.54688,"epss_as_of":"2026-06-23","description":"\nDell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an \"Uncontrolled Resource Consumption vulnerability\" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users.\n\n","published_at":"2023-02-02T16:04:58.071000Z","last_modified_at":null,"cvss_v3_score":7.5,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":true,"ssvc_technical_impact":"partial","cwes":["CWE-400"],"nvd_references":["https://www.dell.com/support/kbdoc/en-us/000208165/dsa-2023-039-dell-emc-enterprise-sonic-security-update-for-an-uncontrolled-resource-consumption-vulnerability"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:26:58.091002Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"N","value_label":"None"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"dell","vendor_name":"Dell","product_slug":"enterprise-sonic-os","product_name":"Enterprise SONiC OS","version_start":"0","version_start_inclusive":true,"version_end":"3.5.3, 3.5.4, 4.0.0, 4.0.1, 4.0.2","version_end_inclusive":true,"cpe23_uri":"cve5:dell:enterprise-sonic-os:0:3.5.3, 3.5.4, 4.0.0, 4.0.1, 4.0.2"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000208165/dsa-2023-039-dell-emc-enterprise-sonic-security-update-for-an-uncontrolled-resource-consumption-vulnerability","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2023-02-02T16:04:58.071000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:27:07.118971Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:27:07.118971Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:27:07.118971Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:26:58.091002Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:26:58.091002Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:26:58.091002Z","label":"SSVC decision revised","source":"vulnrichment"}]}