DSA-2025-275: Security Update for Dell Enterprise SONiC Distribution Vulnerabilities
Summary: Dell Enterprise SONiC remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
High
Details
| Third-party Component | CVEs | More Information |
| libtasn1-6 | CVE-2024-12133 | https://nvd.nist.gov/vuln/search |
| gnutls28 | CVE-2024-12243 | https://nvd.nist.gov/vuln/search |
| libxml2 | CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113 | https://nvd.nist.gov/vuln/search |
| krb5 | CVE-2025-24528 | https://nvd.nist.gov/vuln/search |
| radius | CVE-2024-3596 | https://nvd.nist.gov/vuln/search |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-38741 | Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2024-12133, CVE-2024-12243, CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113, CVE-2025-24528, CVE-2024-3596 | Dell Enterprise SONiC Distribution | Versions prior to 4.5.0 | Version 4.5.0 | Link to update |
| CVE-2025-38741 | Dell Enterprise SONiC Distribution | Version 4.5.0 | Version 4.5.0a | Link to update |
Workarounds and Mitigations
| CVE ID | Workaround and Mitigation |
| CVE-2025-38741 | To fully remediate CVE-2025-38741, please follow either one of the steps below.<br>`sonic# crypto ssh-keygen ecdsa 256`<br>`sonic# crypto ssh-keygen rsa 2048` |
Revision History
| Revision | Date | Description |
| 1.0 | 2025-07-02 | Initial Release |
| 2.0 | 2025-08-01 | Updated to include CVE-2025-38741 |
Affected Products
Enterprise SONiC Distribution, PowerSwitch E3200-ON Series, Dell EMC Networking N3200-ON, PowerSwitch S3248T-ON, PowerSwitch S4348F/S4348T-ON, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON, PowerSwitch S5296F-ON, PowerSwitch S5448F-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON, PowerSwitch Z9864F-ON
...
Article Properties
Article Number: 000340083
Article Type: Dell Security Advisory
Last Modified: 01 Aug 2025