DSA-2025-275: Security Update for Dell Enterprise SONiC Distribution Vulnerabilities
Yhteenveto: Dell Enterprise SONiC remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Tämä artikkeli koskee tuotetta
Tämä artikkeli ei koske tuotetta
Tämä artikkeli ei liity tiettyyn tuotteeseen.
Tässä artikkelissa ei yksilöidä kaikkia tuoteversioita.
Vaikutus
High
Tiedot
| Third-party Component | CVEs | More Information |
| libtasn1-6 | CVE-2024-12133 | https://nvd.nist.gov/vuln/search |
| gnutls28 | CVE-2024-12243 | https://nvd.nist.gov/vuln/search |
| libxml2 | CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113 | https://nvd.nist.gov/vuln/search |
| krb5 | CVE-2025-24528 | https://nvd.nist.gov/vuln/search |
| radius | CVE-2024-3596 | https://nvd.nist.gov/vuln/search |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-38741 | Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-38741 | Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Tuotteet, joihin asia vaikuttaa, ja tilanteen korjaaminen
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2024-12133, CVE-2024-12243, CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113, CVE-2025-24528, CVE-2024-3596 | Dell Enterprise SONiC Distribution | Versions prior to 4.5.0 | Version 4.5.0 | Link to update |
| CVE-2025-38741 | Dell Enterprise SONiC Distribution | Version 4.5.0 | Version 4.5.0a | Link to update |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2024-12133, CVE-2024-12243, CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113, CVE-2025-24528, CVE-2024-3596 | Dell Enterprise SONiC Distribution | Versions prior to 4.5.0 | Version 4.5.0 | Link to update |
| CVE-2025-38741 | Dell Enterprise SONiC Distribution | Version 4.5.0 | Version 4.5.0a | Link to update |
Kiertotavat ja lievennyskeinot
| CVE ID | Workaround and Mitigation |
| CVE-2025-38741 |
To fully remediate CVE-2025-38741, please follow either one of the steps below.
sonic# crypto ssh-keygen ecdsa 256 sonic# crypto ssh-keygen rsa 2048 |
Versiohistoria
| Revision | Date | Description |
| 1.0 | 2025-07-02 | Initial Release |
| 2.0 | 2025-08-01 | Updated to include CVE-2025-38741 |
Asiaan liittyvät tiedot
Vastuuvapauslauseke
Tuotteet, joihin vaikutus kohdistuu
Enterprise SONiC Distribution, PowerSwitch E3200-ON Series, Dell EMC Networking N3200-ON, PowerSwitch S3248T-ON, PowerSwitch S4348F/S4348T-ON, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON
, PowerSwitch S5296F-ON, PowerSwitch S5448F-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON, PowerSwitch Z9864F-ON
...
Artikkelin ominaisuudet
Artikkelin numero: 000340083
Artikkelin tyyppi: Dell Security Advisory
Viimeksi muutettu: 01 elok. 2025
Etsi vastauksia kysymyksiisi muilta Dell-käyttäjiltä
Tukipalvelut
Tarkista, kuuluuko laitteesi tukipalveluiden piiriin.