DSA-2025-395: Security Update for Dell Networking OS10 Vulnerabilities
概要: Dell Networking OS10 remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
この記事は次に適用されます:
この記事は次には適用されません:
この記事は、特定の製品に関連付けられていません。
すべての製品パージョンがこの記事に記載されているわけではありません。
影響
High
詳細
|
Third-party Component |
CVEs |
More Information |
|
redis |
CVE-2025-32023, CVE-2025-48367 |
|
|
python-setuptools |
CVE-2022-40897, CVE-2024-6345, CVE-2025-47273 |
|
|
gnutls28 |
CVE-2025-6395, CVE-2025-32988, CVE-2025-32990 |
|
|
mariadb-10.3 |
CVE-2023-52968, CVE-2023-52969 |
|
|
libxslt |
CVE-2023-40403, CVE-2025-7424 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-46427 |
Dell SmartFabric OS10 Software, versions prior to 10.5.6.11, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. |
8.8 |
|
|
CVE-2025-46428 |
Dell SmartFabric OS10 Software, versions prior to 10.5.6.11, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. |
8.8 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-46427 |
Dell SmartFabric OS10 Software, versions prior to 10.5.6.11, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. |
8.8 |
|
|
CVE-2025-46428 |
Dell SmartFabric OS10 Software, versions prior to 10.5.6.11, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. |
8.8 |
影響を受ける製品と修復
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell Networking OS10 |
Versions prior to 10.5.6.11 |
Version 10.5.6.11 |
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell Networking OS10 |
Versions prior to 10.5.6.11 |
Version 10.5.6.11 |
- SmartFabric OS10 downloads are also available from My Account.
- The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
変更履歴
|
Revision |
Date |
Description |
|
1.0 |
2025-12-04 |
Initial Release |
確認
CVE-2025-46427, CVE-2025-46428: Dell would like to thank kkking for reporting these issues.
関連情報
法的免責事項
対象製品
PowerSwitch S3048-ON, PowerSwitch S4048-ON, PowerSwitch S4048T-ON, PowerSwitch S4112F-ON/S4112T-ON, PowerSwitch S4128F-ON/S4128T-ON, PowerSwitch S4148F-ON/S4148T-ON/S4148FE-ON, PowerSwitch S4148U-ON, PowerSwitch S4248FB-ON /S4248FBL-ON
, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON, PowerSwitch S5296F-ON, PowerSwitch S5448F-ON, PowerSwitch S6010-ON, PowerSwitch Z9100-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON, PowerSwitch Z9664F-ON
...
文書のプロパティ
文書番号: 000399887
文書の種類: Dell Security Advisory
最終更新: 04 12月 2025
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。