DSA-2025-395: Security Update for Dell Networking OS10 Vulnerabilities
Yhteenveto: Dell Networking OS10 remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Vaikutus
High
Tiedot
|
Third-party Component |
CVEs |
More Information |
|
redis |
CVE-2025-32023, CVE-2025-48367 |
|
|
python-setuptools |
CVE-2022-40897, CVE-2024-6345, CVE-2025-47273 |
|
|
gnutls28 |
CVE-2025-6395, CVE-2025-32988, CVE-2025-32990 |
|
|
mariadb-10.3 |
CVE-2023-52968, CVE-2023-52969 |
|
|
libxslt |
CVE-2023-40403, CVE-2025-7424 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-46427 |
Dell SmartFabric OS10 Software, versions prior to 10.5.6.11, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. |
8.8 |
|
|
CVE-2025-46428 |
Dell SmartFabric OS10 Software, versions prior to 10.5.6.11, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. |
8.8 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-46427 |
Dell SmartFabric OS10 Software, versions prior to 10.5.6.11, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. |
8.8 |
|
|
CVE-2025-46428 |
Dell SmartFabric OS10 Software, versions prior to 10.5.6.11, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. |
8.8 |
Tuotteet, joihin asia vaikuttaa, ja tilanteen korjaaminen
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell Networking OS10 |
Versions prior to 10.5.6.11 |
Version 10.5.6.11 |
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell Networking OS10 |
Versions prior to 10.5.6.11 |
Version 10.5.6.11 |
- SmartFabric OS10 downloads are also available from My Account.
- The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Versiohistoria
|
Revision |
Date |
Description |
|
1.0 |
2025-12-04 |
Initial Release |
Kiitokset
CVE-2025-46427, CVE-2025-46428: Dell would like to thank kkking for reporting these issues.