DSA-2025-275: Security Update for Dell Enterprise SONiC Distribution Vulnerabilities

摘要: Dell Enterprise SONiC remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

本文适用于 本文不适用于 本文并非针对某种特定的产品。 本文并非包含所有产品版本。
查看其他资源

影响

High

详情

Third-party Component CVEs More Information
libtasn1-6 CVE-2024-12133 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
gnutls28 CVE-2024-12243 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
libxml2 CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
krb5 CVE-2025-24528 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
radius CVE-2024-3596 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-38741 Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-38741 Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数,这可能会影响与特定安全漏洞相关的潜在严重程度。

受影响的产品和补救措施

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2024-12133, CVE-2024-12243, CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113, CVE-2025-24528, CVE-2024-3596 Dell Enterprise SONiC Distribution Versions prior to 4.5.0 Version 4.5.0 Link to update
CVE-2025-38741 Dell Enterprise SONiC Distribution Version 4.5.0 Version 4.5.0a Link to update

 

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2024-12133, CVE-2024-12243, CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113, CVE-2025-24528, CVE-2024-3596 Dell Enterprise SONiC Distribution Versions prior to 4.5.0 Version 4.5.0 Link to update
CVE-2025-38741 Dell Enterprise SONiC Distribution Version 4.5.0 Version 4.5.0a Link to update

 

解决方法和缓解措施

CVE ID Workaround and Mitigation
CVE-2025-38741

To fully remediate CVE-2025-38741, please follow either one of the steps below. 

  1. Users that have installed 4.5.0 and will remain on 4.5.0 must run the CLI commands below to regenerate new key pairs for the SSH server.
  2. Users may also upgrade to 4.5.0a for full remediation without being required to run the CLI commands below.

sonic# crypto ssh-keygen ecdsa 256

sonic# crypto ssh-keygen rsa 2048

 

 

 

修订历史记录

RevisionDateDescription
1.02025-07-02Initial Release
2.02025-08-01Updated to include CVE-2025-38741

 

相关信息

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法律免责声明

受影响的产品

Enterprise SONiC Distribution, PowerSwitch E3200-ON Series, Dell EMC Networking N3200-ON, PowerSwitch S3248T-ON, PowerSwitch S4348F/S4348T-ON, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON , PowerSwitch S5296F-ON, PowerSwitch S5448F-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON, PowerSwitch Z9864F-ON ...
文章属性
文章编号: 000340083
文章类型: Dell Security Advisory
上次修改时间: 01 8月 2025
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。