Introduction
Unauthorized access to network management can lead to exposure of sensitive communications and compromise of critical infrastructure. Dell Enterprise SONiC OS, a widely used network operating system in data centers and cloud environments, was recently found to contain a cryptographic key vulnerability in its SSH implementation that allows unauthenticated remote attackers to intercept or access communications.
Dell Technologies is a global leader in enterprise IT, with a comprehensive portfolio spanning servers, storage, networking, and software. Their Enterprise SONiC OS is a commercial distribution of the open-source SONiC platform, powering network switches in large-scale data centers and cloud deployments worldwide. The security of SONiC OS is critical for organizations relying on Dell's networking solutions for secure and reliable operations.
Technical Information
CVE-2025-38741 affects Dell Enterprise SONiC OS version 4.5.0. The vulnerability is classified under CWE-321 (Use of Hard-coded Cryptographic Key). The root cause is improper cryptographic key management in the SSH service, resulting in the use of hard-coded or predictable keys. This flaw enables unauthenticated remote attackers to compromise SSH communications, leading to unauthorized access to network management interfaces and sensitive data.
The vulnerability is characterized by the following CVSS vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Attack Vector: Network (can be exploited remotely)
- Attack Complexity: Low (no special conditions required)
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Dell's advisory confirms that the issue is resolved by regenerating SSH keys using the following CLI commands:
sonic# crypto ssh-keygen ecdsa 256
sonic# crypto ssh-keygen rsa 2048
The permanent fix is included in version 4.5.0a.
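A fleet-side check to run before and after the key regeneration, as an added example that is not taken from Dell's advisory: it groups `ssh-keyscan`-style lines by OpenSSH SHA256 fingerprint and reports any host key presented by more than one switch. It assumes the hard-coded key appears as an identical SSH host key across devices, which the advisory text above does not state explicitly; the function names, addresses and key blobs are constructed for illustration.

```python
import base64
import hashlib
import struct
from collections import defaultdict

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def shared_host_keys(scan_lines):
    """Return {(keytype, fingerprint): [hosts]} for keys seen on 2+ hosts.

    Lines use the ssh-keyscan / known_hosts layout: host keytype base64key
    """
    hosts_by_key = defaultdict(set)
    for raw in scan_lines:
        parts = raw.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # banner comment or malformed line
        host, keytype, key_b64 = parts[:3]
        try:
            hosts_by_key[(keytype, fingerprint(key_b64))].add(host)
        except ValueError:
            continue  # not valid base64, so not a key line
    return {k: sorted(v) for k, v in hosts_by_key.items() if len(v) > 1}

def _constructed_blob(keytype, material):
    """Placeholder blob of length-prefixed fields; NOT a real key."""
    fields = (keytype.encode(), material)
    raw = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return base64.b64encode(raw).decode()

# Constructed sample input: two switches present the same RSA host key.
_SHARED = _constructed_blob("ssh-rsa", b"shipped-with-image")
SAMPLE_SCAN = [
    "# constructed sample, not real scan output",
    f"192.0.2.11 ssh-rsa {_SHARED}",
    f"192.0.2.12 ssh-rsa {_SHARED}",
    f"192.0.2.13 ssh-rsa {_constructed_blob('ssh-rsa', b'regenerated')}",
    f"192.0.2.11 ecdsa-sha2-nistp256 {_constructed_blob('ecdsa-sha2-nistp256', b'a')}",
    f"192.0.2.12 ecdsa-sha2-nistp256 {_constructed_blob('ecdsa-sha2-nistp256', b'b')}",
]

if __name__ == "__main__":
    for (keytype, fp), hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(f"{keytype} {fp} shared by: {', '.join(hosts)}")
```

Real input can come from `ssh-keyscan -t rsa,ecdsa -f hosts.txt` run against your own management network; an empty result after regeneration means every switch now presents a distinct host key.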
Affected Systems and Versions
- Product: Dell Enterprise SONiC OS
- Affected Version: 4.5.0 only
- Fixed Version: 4.5.0a and later
- Vulnerable configuration: Default SSH key management in version 4.5.0
Vendor Security History
Dell has previously addressed similar SSH key vulnerabilities in their SONiC OS products. For example, DSA-2022-257 covered SSH cryptographic key issues in earlier versions. Dell's response to vulnerabilities is generally prompt, with clear advisories and patch releases. However, the recurrence of cryptographic key management issues indicates an area for ongoing improvement in their development and QA processes.