DSA-2025-275: Security Update for Dell Enterprise SONiC Distribution Vulnerabilities

摘要: Dell Enterprise SONiC remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

本文章適用於 本文章不適用於 本文無關於任何特定產品。 本文未識別所有產品版本。
查看其他資源

影響

High

詳細資料

Third-party Component CVEs More Information
libtasn1-6 CVE-2024-12133 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
gnutls28 CVE-2024-12243 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
libxml2 CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
krb5 CVE-2025-24528 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
radius CVE-2024-3596 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-38741 Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-38741 Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies 建議所有客戶不僅要參考 CVSS 基本分數,也要將可能會影響與特定安全漏洞相關之潛在嚴重性的所有相關暫時和環境分數納入考量。

受影響的產品與補救措施

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2024-12133, CVE-2024-12243, CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113, CVE-2025-24528, CVE-2024-3596 Dell Enterprise SONiC Distribution Versions prior to 4.5.0 Version 4.5.0 Link to update
CVE-2025-38741 Dell Enterprise SONiC Distribution Version 4.5.0 Version 4.5.0a Link to update

 

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2024-12133, CVE-2024-12243, CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113, CVE-2025-24528, CVE-2024-3596 Dell Enterprise SONiC Distribution Versions prior to 4.5.0 Version 4.5.0 Link to update
CVE-2025-38741 Dell Enterprise SONiC Distribution Version 4.5.0 Version 4.5.0a Link to update

 

因應措施與緩解措施

CVE ID Workaround and Mitigation
CVE-2025-38741

To fully remediate CVE-2025-38741, please follow either one of the steps below. 

  1. Users that have installed 4.5.0 and will remain on 4.5.0 must run the CLI commands below to regenerate new key pairs for the SSH server.
  2. Users may also upgrade to 4.5.0a for full remediation without being required to run the CLI commands below.

sonic# crypto ssh-keygen ecdsa 256

sonic# crypto ssh-keygen rsa 2048

 

 

 

修訂歷史記錄

RevisionDateDescription
1.02025-07-02Initial Release
2.02025-08-01Updated to include CVE-2025-38741

 

相關資訊

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法律免責聲明

受影響的產品

Enterprise SONiC Distribution, PowerSwitch E3200-ON Series, Dell EMC Networking N3200-ON, PowerSwitch S3248T-ON, PowerSwitch S4348F/S4348T-ON, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON , PowerSwitch S5296F-ON, PowerSwitch S5448F-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON, PowerSwitch Z9864F-ON ...
文章屬性
文章編號: 000340083
文章類型: Dell Security Advisory
上次修改時間: 01 8月 2025
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。