DSA-2025-275: Security Update for Dell Enterprise SONiC Distribution Vulnerabilities
Sammanfattning: Dell Enterprise SONiC remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Den här artikeln gäller för
Den här artikeln gäller inte för
Den här artikeln är inte kopplad till någon specifik produkt.
Alla produktversioner identifieras inte i den här artikeln.
Påverkan
High
Information
| Third-party Component | CVEs | More Information |
| libtasn1-6 | CVE-2024-12133 | https://nvd.nist.gov/vuln/search |
| gnutls28 | CVE-2024-12243 | https://nvd.nist.gov/vuln/search |
| libxml2 | CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113 | https://nvd.nist.gov/vuln/search |
| krb5 | CVE-2025-24528 | https://nvd.nist.gov/vuln/search |
| radius | CVE-2024-3596 | https://nvd.nist.gov/vuln/search |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-38741 | Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-38741 | Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Berörda produkter och åtgärder
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2024-12133, CVE-2024-12243, CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113, CVE-2025-24528, CVE-2024-3596 | Dell Enterprise SONiC Distribution | Versions prior to 4.5.0 | Version 4.5.0 | Link to update |
| CVE-2025-38741 | Dell Enterprise SONiC Distribution | Version 4.5.0 | Version 4.5.0a | Link to update |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2024-12133, CVE-2024-12243, CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113, CVE-2025-24528, CVE-2024-3596 | Dell Enterprise SONiC Distribution | Versions prior to 4.5.0 | Version 4.5.0 | Link to update |
| CVE-2025-38741 | Dell Enterprise SONiC Distribution | Version 4.5.0 | Version 4.5.0a | Link to update |
Lösningar och åtgärder
| CVE ID | Workaround and Mitigation |
| CVE-2025-38741 |
To fully remediate CVE-2025-38741, please follow either one of the steps below.
sonic# crypto ssh-keygen ecdsa 256 sonic# crypto ssh-keygen rsa 2048 |
Revideringshistorik
| Revision | Date | Description |
| 1.0 | 2025-07-02 | Initial Release |
| 2.0 | 2025-08-01 | Updated to include CVE-2025-38741 |
Relaterad information
Juridisk friskrivning
Berörda produkter
Enterprise SONiC Distribution, PowerSwitch E3200-ON Series, Dell EMC Networking N3200-ON, PowerSwitch S3248T-ON, PowerSwitch S4348F/S4348T-ON, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON
, PowerSwitch S5296F-ON, PowerSwitch S5448F-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON, PowerSwitch Z9864F-ON
...
Artikelegenskaper
Artikelnummer: 000340083
Artikeltyp: Dell Security Advisory
Senast ändrad: 01 aug. 2025
Få svar på dina frågor från andra Dell-användare
Supporttjänster
Kontrollera om din enhet omfattas av supporttjänster.