DSA-2025-068: Security Update for Dell Networking OS10 Vulnerabilities
Zhrnutie: Dell Networking OS10 remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Dosah
High
Podrobnosti
|
Third-party Component |
CVEs |
More Information |
|
libxml2 |
CVE-2016-3709, CVE-2022-2309, CVE-2016-9318 |
|
|
bind9 |
CVE-2023-4408, CVE-2024-1737, CVE-2024-1975 |
|
|
curl |
CVE-2024-7264 |
|
|
python3.7 |
CVE-2024-0397, CVE-2024-4032, CVE-2023-27043, CVE-2024-6232, CVE-2024-6923, CVE-2024-7592, CVE-2024-9287, CVE-2024-11168
|
|
|
expat |
CVE-2024-45490, CVE-2024-45491, CVE-2024-45492 |
|
|
zeromq3 |
CVE-2021-20234, CVE-2021-20235, CVE-2021-20237 |
|
|
SQLite3 |
CVE-2019-19244, CVE-2021-36690, CVE-2023-7104 |
|
|
mariadb-10.3 |
CVE-2024-21096 |
|
|
e2fsprogs |
CVE-2022-1304 |
|
|
python-cryptography |
CVE-2020-25659 |
|
|
glib2.0 |
CVE-2024-52533 |
|
|
shadow |
CVE-2018-7169, CVE-2023-4641, CVE-2023-29383 |
|
|
rsync |
CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747 |
|
|
redis-py |
CVE-2023-28859 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2024-49561 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
|
7.8 |
|
|
CVE-2024-49559 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Default Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
|
8.8 |
|
|
CVE-2024-48017 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. |
6.5 |
|
|
CVE-2024-48015 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
|
6.7 |
|
|
CVE-2024-48828 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
|
5.5 |
|
|
CVE-2025-22474 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.
|
6.8 |
|
|
CVE-2024-48830 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
|
7.8 |
|
|
CVE-2024-48013 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
|
8.8 |
|
|
CVE-2025-22473 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
|
7.8 |
|
|
CVE-2025-22472 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of commands with elevated privileges.
|
7.8 |
|
|
CVE-2024-48831 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. |
8.4 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2024-49561 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
|
7.8 |
|
|
CVE-2024-49559 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Default Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
|
8.8 |
|
|
CVE-2024-48017 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. |
6.5 |
|
|
CVE-2024-48015 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
|
6.7 |
|
|
CVE-2024-48828 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
|
5.5 |
|
|
CVE-2025-22474 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.
|
6.8 |
|
|
CVE-2024-48830 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
|
7.8 |
|
|
CVE-2024-48013 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
|
8.8 |
|
|
CVE-2025-22473 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
|
7.8 |
|
|
CVE-2025-22472 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of commands with elevated privileges.
|
7.8 |
|
|
CVE-2024-48831 |
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. |
8.4 |
Dotknuté produkty a riešenie problému
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell Networking OS10 |
10.5.6.x |
10.5.6.8 |
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell Networking OS10 |
10.5.6.x |
10.5.6.8 |
- SmartFabric OS10 downloads are also available from your Dell Digital Locker.
- The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
História revízií
|
Revision |
Date |
Description |
|
1.0 |
2025-03-17 |
Initial Release |
|
2.0 |
2025-03-17 |
Updated the CVSS Base Score and CVSS Vector String for CVE-2024-48831 |
|
3.0 |
2025-04-02 |
Added CVE-2023-28859 and redis-py to the Third-Party Components table |
Potvrdenia
- CVE-2024-49561: Dell would like to thank zzcentury from Ubisectech Sirius Team for reporting this issue.
- CVE-2024-49559, CVE-2024-48017, CVE-2024-48015, CVE-2024-48828, CVE-2025-22474, CVE-2024-48830, CVE-2024-48013, CVE-2025-22473, CVE-2025-22472, CVE-2024-48831: Dell would like to thank n3k from TIANGONG Team of Legendsec at QI-ANXIN Group for reporting this issue.