Dell Networking OS10 Vulnerabilities Addressed in Updates

Multiple security vulnerabilities have been identified in Dell SmartFabric OS10, including flaws within both proprietary OS10 code and bundled third-party components such as Linux kernel, OpenSSL, Redis, BIND9, OpenSSH, systemd, and libtiff. Successful exploitation could result in command execution, privilege escalation, information disclosure, or denial of service. The most severe proprietary vulnerabilities affect OS10 versions prior to 10.6.0.7 and allow command execution by a low-privileged remote attacker. Dell has released version 10.6.0.7 to remediate these issues.

CVE
CVE-2025-46427
CVE-2025-46428
Additionally, numerous third-party CVEs affecting embedded Linux and associated packages are addressed within the same update release.

Targeting / Delivery Mechanism
Exploitation vectors vary depending on the vulnerable component. Proprietary OS10 flaws may be triggered by authenticated low-privileged users with remote access. Third-party vulnerabilities may be exploited via network services, crafted input, or exposed management interfaces depending on configuration and exposure.

Execution Technique
The most critical OS10 vulnerabilities involve improper neutralisation of special elements in system commands, enabling command injection. Third-party component vulnerabilities include memory corruption, privilege escalation, and service-level denial of service conditions.

Persistence / Deployment
If successfully exploited, attackers could execute arbitrary commands, escalate privileges, modify configurations, or establish persistence within the network operating system, potentially compromising switching infrastructure.