DSA-2022-257: Dell Enterprise SONiC Security Update for SSH Cryptographic Key Vulnerability.
Summary: Dell Enterprise SONiC remediation is available for an SSH cryptographic key vulnerability that may be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-344225 | Dell Enterprise SONiC operating system 4.0.0 and 4.0.1 contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker may potentially exploit this vulnerability, leading to unauthorized access to communication. | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-344225 | Dell Enterprise SONiC operating system 4.0.0 and 4.0.1 contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker may potentially exploit this vulnerability, leading to unauthorized access to communication. | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Affected Products & Remediation
| Product | Affected Versions | Updated Version | Link to Update |
| Dell Enterprise SONiC Distribution | Versions 4.0.0 and 4.0.1 | 4.0.2 | Link to update |
| Product | Affected Versions | Updated Version | Link to Update |
| Dell Enterprise SONiC Distribution | Versions 4.0.0 and 4.0.1 | 4.0.2 | Link to update |
Workarounds & Mitigations
Delete installed SSH keys and restart SSHD service.
Revision History
| Revision | Date | Description |
| 1.0 | 2022-09-15 | Initial Release |
Related Information
Legal Disclaimer
Products
Product Security InformationArticle Properties
Article Number: 000203395
Article Type: Dell Security Advisory
Last Modified: 19 Sep 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.