DSA-2025-407: Security Update for Dell Networking OS10 Vulnerabilities
Résumé: Dell Networking OS10 remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
High
Détails
|
Third-party Component |
CVEs |
More Information |
|
redis |
CVE-2025-27151, CVE-2025-32023, CVE-2025-48367 |
|
|
systemd |
CVE-2025-4598 |
|
|
linux |
CVE-2024-36350, CVE-2024-36357, CVE-2024-36913, CVE-2024-41013, CVE-2024-56758, CVE-2024-57883, CVE-2025-21816, CVE-2025-22119, CVE-2025-27558, CVE-2025-37958, CVE-2025-38000, CVE-2025-38001, CVE-2025-38003, CVE-2025-38004, CVE-2025-38031, CVE-2025-38034, CVE-2025-38035, CVE-2025-38037, CVE-2025-38040, CVE-2025-38043, CVE-2025-38044, CVE-2025-38048, CVE-2025-38051, CVE-2025-38052, CVE-2025-38058, CVE-2025-38061, CVE-2025-38062, CVE-2025-38063, CVE-2025-38065, CVE-2025-38066, CVE-2025-38067, CVE-2025-38068, CVE-2025-38071, CVE-2025-38072, CVE-2025-38074, CVE-2025-38075, CVE-2025-38077, CVE-2025-38078, CVE-2025-38079, CVE-2025-38083, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38088, CVE-2025-38090, CVE-2025-38097, CVE-2025-38100, CVE-2025-38102, CVE-2025-38103, CVE-2025-38107, CVE-2025-38108, CVE-2025-38111, CVE-2025-38112, CVE-2025-38113, CVE-2025-38115, CVE-2025-38118, CVE-2025-38119, CVE-2025-38120, CVE-2025-38122, CVE-2025-38124, CVE-2025-38126, CVE-2025-38131, CVE-2025-38135, CVE-2025-38136, CVE-2025-38138, CVE-2025-38142, CVE-2025-38143, CVE-2025-38145, CVE-2025-38146, CVE-2025-38147, CVE-2025-38148, CVE-2025-38151, CVE-2025-38153, CVE-2025-38154, CVE-2025-38157, CVE-2025-38158, CVE-2025-38159, CVE-2025-38160, CVE-2025-38161, CVE-2025-38163, CVE-2025-38165, CVE-2025-38166, CVE-2025-38167, CVE-2025-38170, CVE-2025-38173, CVE-2025-38174, CVE-2025-38180, CVE-2025-38181, CVE-2025-38183, CVE-2025-38184, CVE-2025-38185, CVE-2025-38190, CVE-2025-38191, CVE-2025-38193, CVE-2025-38194, CVE-2025-38197, CVE-2025-38198, CVE-2025-38200, CVE-2025-38202, CVE-2025-38211, CVE-2025-38212, CVE-2025-38214, CVE-2025-38215, CVE-2025-38218, CVE-2025-38219, CVE-2025-38222, CVE-2025-38225, CVE-2025-38226, CVE-2025-38227, CVE-2025-38229, CVE-2025-38230, CVE-2025-38231, CVE-2025-38236, CVE-2025-38239, CVE-2025-38245, CVE-2025-38249, CVE-2025-38251, CVE-2025-38257, CVE-2025-38259, CVE-2025-38260, CVE-2025-38262, CVE-2025-38263, CVE-2025-38273, CVE-2025-38275, CVE-2025-38277, CVE-2025-38280, CVE-2025-38282, CVE-2025-38285, CVE-2025-38286, CVE-2025-38293, CVE-2025-38298, CVE-2025-38300, CVE-2025-38304, CVE-2025-38305, CVE-2025-38310, CVE-2025-38312, CVE-2025-38313, CVE-2025-38319, CVE-2025-38320, CVE-2025-38323, CVE-2025-38324, CVE-2025-38326, CVE-2025-38328, CVE-2025-38331, CVE-2025-38332, CVE-2025-38334, CVE-2025-38336, CVE-2025-38337, CVE-2025-38342, CVE-2025-38344, CVE-2025-38345, CVE-2025-38346, CVE-2025-38348, CVE-2025-38350, CVE-2025-38352, CVE-2025-38354, CVE-2025-38362, CVE-2025-38363, CVE-2025-38364, CVE-2025-38365, CVE-2025-38371, CVE-2025-38375, CVE-2025-38377, CVE-2025-38380, CVE-2025-38382, CVE-2025-38384, CVE-2025-38385, CVE-2025-38386, CVE-2025-38387, CVE-2025-38389, CVE-2025-38391, CVE-2025-38393, CVE-2025-38395, CVE-2025-38396, CVE-2025-38399, CVE-2025-38400, CVE-2025-38401, CVE-2025-38403, CVE-2025-38404, CVE-2025-38406, CVE-2025-38409, CVE-2025-38410, CVE-2025-38412, CVE-2025-38415, CVE-2025-38416, CVE-2025-38418, CVE-2025-38419, CVE-2025-38420, CVE-2025-38422, CVE-2025-38424, CVE-2025-38425, CVE-2025-38428, CVE-2025-38430, CVE-2025-38437, CVE-2025-38439, CVE-2025-38441, CVE-2025-38443, CVE-2025-38444, CVE-2025-38445, CVE-2025-38448, CVE-2025-38451, CVE-2025-38455, CVE-2025-38456, CVE-2025-38457, CVE-2025-38458, CVE-2025-38459, CVE-2025-38460, CVE-2025-38461, CVE-2025-38462, CVE-2025-38464, CVE-2025-38465, CVE-2025-38466, CVE-2025-38467, CVE-2025-38468, CVE-2025-38470, CVE-2025-38471, CVE-2025-38472, CVE-2025-38473, CVE-2025-38474, CVE-2025-38476, CVE-2025-38477, CVE-2025-38478, CVE-2025-38480, CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38485, CVE-2025-38487, CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497, CVE-2025-38498, CVE-2025-38499, CVE-2024-26618, CVE-2024-26783, CVE-2024-26807, CVE-2024-28956, CVE-2024-35790, CVE-2024-36903, CVE-2024-36927, CVE-2024-43840, CVE-2024-46751, CVE-2024-53203, CVE-2024-53209, CVE-2024-57945, CVE-2025-21645, CVE-2025-21839, CVE-2025-21931, CVE-2025-22062, CVE-2025-37819, CVE-2025-37890, CVE-2025-37897, CVE-2025-37901, CVE-2025-37902, CVE-2025-37903, CVE-2025-37905, CVE-2025-37909, CVE-2025-37911, CVE-2025-37912, CVE-2025-37913, CVE-2025-37914, CVE-2025-37915, CVE-2025-37917, CVE-2025-37921, CVE-2025-37923, CVE-2025-37924, CVE-2025-37927, CVE-2025-37928, CVE-2025-37929, CVE-2025-37930, CVE-2025-37932, CVE-2025-37936, CVE-2025-37947, CVE-2025-37948, CVE-2025-37949, CVE-2025-37951, CVE-2025-37953, CVE-2025-37959, CVE-2025-37961, CVE-2025-37962, CVE-2025-37963, CVE-2025-37964, CVE-2025-37967, CVE-2025-37969, CVE-2025-37970, CVE-2025-37972, CVE-2025-37990, CVE-2025-37991 |
|
|
tiff |
CVE-2025-9900 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2024-48829 |
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code ('Code Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
|
6.7 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
|
CVE-2025-46427 |
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
|
8.8 |
|
|
CVE-2025-46428 |
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. |
8.8 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2024-48829 |
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code ('Code Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
|
6.7 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
|
CVE-2025-46427 |
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
|
8.8 |
|
|
CVE-2025-46428 |
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. |
8.8 |
Produits concernés et mesure corrective
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell Networking OS10 |
Versions prior to 10.6.1.0 |
Version 10.6.1.0 |
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell Networking OS10 |
Versions prior to 10.6.1.0 |
Version 10.6.1.0 |
- SmartFabric OS10 downloads are also available from My Account.
- The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Historique des révisions
|
Revision |
Date |
Description |
|
1.0 |
2025-11-12 |
Initial Release |
Remerciements
- CVE-2024-48829: Dell would like to thank n3k from TIANGONG Team of Legendsec at QI-ANXIN Group for reporting this issue.
- CVE-2025-46427, CVE-2025-46428: Dell would like to thank kkking for reporting these issues.