DSA-2025-396: Security Update for Dell Networking OS10 Vulnerabilities
摘要: Dell Networking OS10 remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
影响
High
详情
|
Third-party Component |
CVEs |
More Information |
|
redis |
CVE-2025-32023, CVE-2025-48367 |
|
|
python-setuptools |
CVE-2022-40897, CVE-2024-6345, CVE-2025-47273 |
|
|
gnutls28 |
CVE-2025-6395, CVE-2025-32988, CVE-2025-32990 |
|
|
mariadb-10.3 |
CVE-2023-52968, CVE-2023-52969 |
|
|
libxslt |
CVE-2023-40403, CVE-2025-7424 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-46427 |
Dell SmartFabric OS10 Software, versions prior to 10.5.5.16, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. |
8.8 |
|
|
CVE-2025-46428 |
Dell SmartFabric OS10 Software, versions prior to 10.5.5.16, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. |
8.8 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-46427 |
Dell SmartFabric OS10 Software, versions prior to 10.5.5.16, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. |
8.8 |
|
|
CVE-2025-46428 |
Dell SmartFabric OS10 Software, versions prior to 10.5.5.16, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. |
8.8 |
受影响的产品和补救措施
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell Networking OS10 |
Versions prior to 10.5.5.16 |
Version 10.5.5.16 |
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell Networking OS10 |
Versions prior to 10.5.5.16 |
Version 10.5.5.16 |
- SmartFabric OS10 downloads are also available from My Account.
- The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
修订历史记录
|
Revision |
Date |
Description |
|
1.0 |
2025-12-03 |
Initial Release |
确认
CVE-2025-46427, CVE-2025-46428: Dell would like to thank kkking for reporting these issues.
相关信息
法律免责声明
受影响的产品
PowerSwitch S3048-ON, PowerSwitch S4048-ON, PowerSwitch S4048T-ON, PowerSwitch S4112F-ON/S4112T-ON, PowerSwitch S4128F-ON/S4128T-ON, PowerSwitch S4148F-ON/S4148T-ON/S4148FE-ON, PowerSwitch S4148U-ON, PowerSwitch S4248FB-ON /S4248FBL-ON
, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON, PowerSwitch S5296F-ON, PowerSwitch S5448F-ON, PowerSwitch S6010-ON, PowerSwitch Z9100-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON, PowerSwitch Z9664F-ON
...
文章属性
文章编号: 000399565
文章类型: Dell Security Advisory
上次修改时间: 03 12月 2025
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。