DSA-2025-275: Security Update for Dell Enterprise SONiC Distribution Vulnerabilities
Résumé: Dell Enterprise SONiC remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Cet article concerne
Cet article ne concerne pas
Cet article n’est associé à aucun produit spécifique.
Toutes les versions du produit ne sont pas identifiées dans cet article.
Impact
High
Détails
| Third-party Component | CVEs | More Information |
| libtasn1-6 | CVE-2024-12133 | https://nvd.nist.gov/vuln/search |
| gnutls28 | CVE-2024-12243 | https://nvd.nist.gov/vuln/search |
| libxml2 | CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113 | https://nvd.nist.gov/vuln/search |
| krb5 | CVE-2025-24528 | https://nvd.nist.gov/vuln/search |
| radius | CVE-2024-3596 | https://nvd.nist.gov/vuln/search |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-38741 | Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-38741 | Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Produits concernés et mesure corrective
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2024-12133, CVE-2024-12243, CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113, CVE-2025-24528, CVE-2024-3596 | Dell Enterprise SONiC Distribution | Versions prior to 4.5.0 | Version 4.5.0 | Link to update |
| CVE-2025-38741 | Dell Enterprise SONiC Distribution | Version 4.5.0 | Version 4.5.0a | Link to update |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2024-12133, CVE-2024-12243, CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113, CVE-2025-24528, CVE-2024-3596 | Dell Enterprise SONiC Distribution | Versions prior to 4.5.0 | Version 4.5.0 | Link to update |
| CVE-2025-38741 | Dell Enterprise SONiC Distribution | Version 4.5.0 | Version 4.5.0a | Link to update |
Solutions de contournement et mesures d’atténuation
| CVE ID | Workaround and Mitigation |
| CVE-2025-38741 |
To fully remediate CVE-2025-38741, please follow either one of the steps below.
sonic# crypto ssh-keygen ecdsa 256 sonic# crypto ssh-keygen rsa 2048 |
Historique des révisions
| Revision | Date | Description |
| 1.0 | 2025-07-02 | Initial Release |
| 2.0 | 2025-08-01 | Updated to include CVE-2025-38741 |
Informations connexes
Mention légale
Produits concernés
Enterprise SONiC Distribution, PowerSwitch E3200-ON Series, Dell EMC Networking N3200-ON, PowerSwitch S3248T-ON, PowerSwitch S4348F/S4348T-ON, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON
, PowerSwitch S5296F-ON, PowerSwitch S5448F-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON, PowerSwitch Z9864F-ON
...
Propriétés de l’article
Numéro d’article: 000340083
Type d’article: Dell Security Advisory
Dernière modification: 01 août 2025
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.