DELL Family (Client BIOS, Data Protection, Telemetry Dashboard) Security Update Advisory
Overview
DELL has released updates to fix vulnerabilities in their family of products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2023-43088
- Dell Client BIOS Precision 7865 Tower version: ~1.5.0 (excluded)
CVE-2024-28974
- Dell Data Protection Advisor version: 19.9
CVE-2024-30472
- Dell ThinOS 2402 Telemetry Dashboard version: 1.0.0.8
Resolved Vulnerabilities
An authenticated attacker with physical access to the system can execute arbitrary code on the device (CVE-2023-43088)
Improper cryptographic strength vulnerability that could potentially allow a low privileged attacker with remote access to cause a denial of service (CVE-2024-28974)
Vulnerability that could allow an unauthenticated user with local access to the device to disclose information (CVE-2024-30472)
Vulnerability Patches
CVE-2023-43088
- Dell Precision 7865 Tower version: 1.5.0 or later
CVE-2024-28974
- Data Protection Advisor Agent version: 19.10
CVE-2024-30472
- Dell ThinOS 2405 Telemetry Dashboard version: 1.1.0.6
Referenced Sites
[1] DSA-2023-377: Security Update for a Dell Client BIOS Vulnerability
[2] DSA-2024-279: Security Update for Data Protection Advisor for Multiple Vulnerabilities
[3] DSA-2024-229: Security Update for Dell ThinOS Vulnerabilities
Https://http://www.dell.com/support/kbdoc/ko-kr/000225289/dsa-2024-229-security-update-for-dell-thinos-vulnerabilities