DSA-2025-275: Security Update for Dell Enterprise SONiC Distribution Vulnerabilities
Summary: Dell Enterprise SONiC remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
High
Details
| Third-party Component | CVEs | More Information |
| libtasn1-6 | CVE-2024-12133 | https://nvd.nist.gov/vuln/search |
| gnutls28 | CVE-2024-12243 | https://nvd.nist.gov/vuln/search |
| libxml2 | CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113 | https://nvd.nist.gov/vuln/search |
| krb5 | CVE-2025-24528 | https://nvd.nist.gov/vuln/search |
| radius | CVE-2024-3596 | https://nvd.nist.gov/vuln/search |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-38741 | Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2024-12133, CVE-2024-12243, CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113, CVE-2025-24528, CVE-2024-3596 | Dell Enterprise SONiC Distribution | Versions prior to 4.5.0 | Version 4.5.0 | Link to update |
| CVE-2025-38741 | Dell Enterprise SONiC Distribution | Version 4.5.0 | Version 4.5.0a | Link to update |
Workarounds and Mitigations
| CVE ID | Workaround and Mitigation |
| CVE-2025-38741 | To fully remediate CVE-2025-38741, please follow either one of the steps below. |

sonic# crypto ssh-keygen ecdsa 256
sonic# crypto ssh-keygen rsa 2048

Revision History
| Revision | Date | Description |
| 1.0 | 2025-07-02 | Initial Release |
| 2.0 | 2025-08-01 | Updated to include CVE-2025-38741 |
Affected Products
Enterprise SONiC Distribution, PowerSwitch E3200-ON Series, Dell EMC Networking N3200-ON, PowerSwitch S3248T-ON, PowerSwitch S4348F/S4348T-ON, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON, PowerSwitch S5296F-ON, PowerSwitch S5448F-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON, PowerSwitch Z9864F-ON
...
Article Properties
Article Number: 000340083
Article Type: Dell Security Advisory
Last Modified: 01 Aug 2025