DSA-2025-068: Security Update for Dell Networking OS10 Vulnerabilities

Summary: Dell Networking OS10 remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Impact

High

Details

| Third-party Component | CVEs | More Information |
|---|---|---|
| libxml2 | CVE-2016-3709, CVE-2022-2309, CVE-2016-9318 | https://nvd.nist.gov/vuln/search |
| bind9 | CVE-2023-4408, CVE-2024-1737, CVE-2024-1975 | https://nvd.nist.gov/vuln/search |
| curl | CVE-2024-7264 | https://nvd.nist.gov/vuln/search |
| python3.7 | CVE-2024-0397, CVE-2024-4032, CVE-2023-27043, CVE-2024-6232, CVE-2024-6923, CVE-2024-7592, CVE-2024-9287, CVE-2024-11168 | https://nvd.nist.gov/vuln/search |
| expat | CVE-2024-45490, CVE-2024-45491, CVE-2024-45492 | https://nvd.nist.gov/vuln/search |
| zeromq3 | CVE-2021-20234, CVE-2021-20235, CVE-2021-20237 | https://nvd.nist.gov/vuln/search |
| SQLite3 | CVE-2019-19244, CVE-2021-36690, CVE-2023-7104 | https://nvd.nist.gov/vuln/search |
| mariadb-10.3 | CVE-2024-21096 | https://nvd.nist.gov/vuln/search |
| e2fsprogs | CVE-2022-1304 | https://nvd.nist.gov/vuln/search |
| python-cryptography | CVE-2020-25659 | https://nvd.nist.gov/vuln/search |
| glib2.0 | CVE-2024-52533 | https://nvd.nist.gov/vuln/search |
| shadow | CVE-2018-7169, CVE-2023-4641, CVE-2023-29383 | https://nvd.nist.gov/vuln/search |
| rsync | CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747 | https://nvd.nist.gov/vuln/search |

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-49561 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-49559 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Default Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-48017 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
| CVE-2024-48015 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-48828 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| CVE-2025-22474 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery. | 6.8 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2024-48830 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-48013 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2025-22473 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2025-22472 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of commands with elevated privileges. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-48831 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | 8.4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell Networking OS10 | 10.5.6.x | 10.5.6.8 | SmartFabric OS10 downloads page |

  • SmartFabric OS10 downloads are also available from your Dell Digital Locker.
  • The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2025-03-17 | Initial Release |
| 2.0 | 2025-03-17 | Updated the CVSS Base Score and CVSS Vector String for CVE-2024-48831 |

Acknowledgements

  • CVE-2024-49561: Dell would like to thank zzcentury from Ubisectech Sirius Team for reporting this issue.
  • CVE-2024-49559, CVE-2024-48017, CVE-2024-48015, CVE-2024-48828, CVE-2025-22474, CVE-2024-48830, CVE-2024-48013, CVE-2025-22473, CVE-2025-22472, CVE-2024-48831: Dell would like to thank n3k from TIANGONG Team of Legendsec at QI-ANXIN Group for reporting this issue.

Related Information

Affected Products

SmartFabric OS10 Software
Article Properties
Article Number: 000295014
Article Type: Dell Security Advisory
Last Modified: 17 Mar 2025