DSA-2025-396: Security Update for Dell Networking OS10 Vulnerabilities
摘要: Dell Networking OS10 remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
影響
High
詳細資料
|
Third-party Component |
CVEs |
More Information |
|
redis |
CVE-2025-32023, CVE-2025-48367 |
|
|
python-setuptools |
CVE-2022-40897, CVE-2024-6345, CVE-2025-47273 |
|
|
gnutls28 |
CVE-2025-6395, CVE-2025-32988, CVE-2025-32990 |
|
|
mariadb-10.3 |
CVE-2023-52968, CVE-2023-52969 |
|
|
libxslt |
CVE-2023-40403, CVE-2025-7424 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-46427 |
Dell SmartFabric OS10 Software, versions prior to 10.5.5.16, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. |
8.8 |
|
|
CVE-2025-46428 |
Dell SmartFabric OS10 Software, versions prior to 10.5.5.16, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. |
8.8 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-46427 |
Dell SmartFabric OS10 Software, versions prior to 10.5.5.16, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. |
8.8 |
|
|
CVE-2025-46428 |
Dell SmartFabric OS10 Software, versions prior to 10.5.5.16, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. |
8.8 |
受影響的產品與補救措施
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell Networking OS10 |
Versions prior to 10.5.5.16 |
Version 10.5.5.16 |
|
Product |
Affected Versions |
Remediated Versions |
Link |
|
Dell Networking OS10 |
Versions prior to 10.5.5.16 |
Version 10.5.5.16 |
- SmartFabric OS10 downloads are also available from My Account.
- The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
修訂歷史記錄
|
Revision |
Date |
Description |
|
1.0 |
2025-12-03 |
Initial Release |
感謝
CVE-2025-46427, CVE-2025-46428: Dell would like to thank kkking for reporting these issues.
相關資訊
法律免責聲明
受影響的產品
PowerSwitch S3048-ON, PowerSwitch S4048-ON, PowerSwitch S4048T-ON, PowerSwitch S4112F-ON/S4112T-ON, PowerSwitch S4128F-ON/S4128T-ON, PowerSwitch S4148F-ON/S4148T-ON/S4148FE-ON, PowerSwitch S4148U-ON, PowerSwitch S4248FB-ON /S4248FBL-ON
, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON, PowerSwitch S5296F-ON, PowerSwitch S5448F-ON, PowerSwitch S6010-ON, PowerSwitch Z9100-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON, PowerSwitch Z9664F-ON
...
文章屬性
文章編號: 000399565
文章類型: Dell Security Advisory
上次修改時間: 03 12月 2025
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。