Dell family security update advisory

Overview
 

An update has been released to address vulnerabilities in the DELL family of products. Users of affected versions are advised to update to the latest version.

 

Affected Products
 

CVE-2024-28974

  • Dell Data Protection Advisor versions: 19.7, 19.8, 19.9, 19.10

 

CVE-2024-0161, CVE-2024-0172

  • Dell Avamar Data Store ADS Gen5A Version

CVE-2024-29176, CVE-2024-37140

  • Dell PowerProtect DD series, Dell PowerProtect DD Virtual Edition, Dell APEX Protection Storage, versions 7.0 (inclusive) through 7.13 (inclusive)
  • PowerProtect DP series (IDPA), all models, versions 2.7.7 or below
  • PowerProtect Data Manager Appliance DM5500, versions 5.16.00 or below

CVE-2024-25951

  • iDRAC8 versions: 2.85.85.85 or below

 

Resolved Vulnerabilities

  • Inadequate encryption strength vulnerability in Dell Data Protection Advisor that could allow a low-privileged remote attacker to cause a denial of service (CVE-2024-28974)
  • Vulnerabilities in Dell Data Protection Advisor that could allow a malicious user to compromise an affected system (CVE-2024-0161, CVE-2024-0172)
  • Buffer overflow vulnerability that could allow a low-privileged remote attacker to crash the application or execute arbitrary code on the application's underlying operating system with the application's privileges (CVE-2024-29176)
  • Command injection vulnerability that could allow a low-privileged remote attacker to execute arbitrary OS commands on the application's underlying operating system with the application's privileges (CVE-2024-37140)
  • Command injection vulnerability in local RACADM that could allow a malicious authenticated user to take control of the underlying operating system (CVE-2024-25951)

Vulnerability Patches

CVE-2024-28974

  • Data Protection Advisor Agent version: 19.10

CVE-2024-0161, CVE-2024-0172

  • Avamar ADS Gen5A Dec 2023 firmware block update

CVE-2024-29176, CVE-2024-37140

  • Dell PowerProtect DD series, Dell PowerProtect DD Virtual Edition, Dell APEX Protection Storage, versions:
  1. 8.0.0.10 or later
  2. 7.13.1.0 or later (LTS2024 7.13 line)
  3. 7.10.1.30 or later (LTS2023 7.10 line)
  4. 7.7.5.40 or later (LTS2022 7.7 line)
  • PowerProtect DP series (IDPA), all models: version 2.7.7 or later with DDOS 7.10.1.30
  • PowerProtect Data Manager Appliance DM5500: version 5.16.00 or later

CVE-2024-25951

  • iDRAC8 version: 2.85.85.85 or later
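The affected and fixed version lists above are easy to misread with a plain string comparison (for example "7.9" sorting above "7.13"), and the PowerProtect DD fix is branch-specific: a 7.11.x build is not fixed by 7.10.1.30 even though 7.10.1.30 is numerically lower. The following triage helper is an added example, not Dell tooling or part of the original advisory; it encodes only the version ranges and fixed builds this page lists (the product keys, the "fixed build takes precedence in its own branch" rule, and the sample inventory are the example's own assumptions) and returns, for one installed version, whether it is vulnerable, remediated or outside the affected range, plus the nearest fixed build to move to.

```python
"""Version triage for the ranges listed in this advisory (added example,
not Dell tooling). Versions are compared numerically segment by segment,
so 7.13.1.0 sorts above 7.9.0.5; a plain string compare does not."""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(s: str) -> Version:
    """'7.13.1.0' -> (7, 13, 1, 0); '5.16.00' -> (5, 16, 0)."""
    return tuple(int(part) for part in s.strip().split("."))


def at_precision(v: Version, n: int) -> Version:
    """Zero-pad or truncate to n segments: (7, 13, 1, 0) at 2 -> (7, 13)."""
    return (v + (0,) * n)[:n]


# Product -> affected ranges and fixed builds exactly as this page lists them.
# A lower bound of None means "<hi> or below". Product keys are assumptions.
ADVISORY: Dict[str, dict] = {
    "Dell Data Protection Advisor": {
        "cves": ["CVE-2024-28974"],
        "affected": [("19.7", "19.10")],
        "fixed": ["19.10"],
    },
    # Covers DD series, DD Virtual Edition and APEX Protection Storage. The
    # page lists only 7.0 through 7.13 as affected; 8.0.0.10 is a fixed build.
    "Dell PowerProtect DD family": {
        "cves": ["CVE-2024-29176", "CVE-2024-37140"],
        "affected": [("7.0", "7.13")],
        "fixed": ["8.0.0.10", "7.13.1.0", "7.10.1.30", "7.7.5.40"],
    },
    "PowerProtect DP series (IDPA)": {
        "cves": ["CVE-2024-29176", "CVE-2024-37140"],
        "affected": [(None, "2.7.7")],
        "fixed": ["2.7.7"],
    },
    "PowerProtect Data Manager Appliance DM5500": {
        "cves": ["CVE-2024-29176", "CVE-2024-37140"],
        "affected": [(None, "5.16.00")],
        "fixed": ["5.16.00"],
    },
    "iDRAC8": {
        "cves": ["CVE-2024-25951"],
        "affected": [(None, "2.85.85.85")],
        "fixed": ["2.85.85.85"],
    },
}


def in_affected_range(v: Version, lo: Optional[str], hi: str) -> bool:
    """Inclusive range, each bound applied at its own precision, so
    '7.0' ~ '7.13' covers every 7.0.x.x through 7.13.x.x build."""
    if lo is not None:
        plo = parse_version(lo)
        if at_precision(v, len(plo)) < plo:
            return False
    phi = parse_version(hi)
    return at_precision(v, len(phi)) <= phi


def same_branch(a: Version, b: Version) -> bool:
    """Maintenance branch = major.minor (7.10.1.30 and 7.10.1.20 share 7.10)."""
    return at_precision(a, 2) == at_precision(b, 2)


def is_remediated(v: Version, fixed: List[str]) -> bool:
    """Fixed only when at or above a fixed build in the SAME branch. 7.11.x
    has no fixed build in its branch, so 7.10.1.30 does not cover it. A
    fixed build also takes precedence over an 'X or below' affected bound."""
    for f in map(parse_version, fixed):
        if same_branch(v, f) and at_precision(v, len(f)) >= f:
            return True
    return False


def triage(product: str, version: str) -> str:
    """Return 'remediated', 'vulnerable' or 'not affected' for one install."""
    entry = ADVISORY[product]
    v = parse_version(version)
    if is_remediated(v, entry["fixed"]):
        return "remediated"
    if any(in_affected_range(v, lo, hi) for lo, hi in entry["affected"]):
        return "vulnerable"
    return "not affected"


def recommended_fix(product: str, version: str) -> Optional[str]:
    """Target build for a vulnerable install: the fixed build in its own
    branch if one exists, otherwise the lowest fixed build above it
    (7.11.0.0 -> 7.13.1.0 rather than the bigger jump to 8.0.0.10)."""
    if triage(product, version) != "vulnerable":
        return None
    v = parse_version(version)
    fixed = ADVISORY[product]["fixed"]
    for f in fixed:
        if same_branch(v, parse_version(f)):
            return f
    key = lambda f: at_precision(parse_version(f), 4)
    above = [f for f in fixed if key(f) > at_precision(v, 4)]
    return min(above, key=key) if above else None


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [
        ("Dell PowerProtect DD family", "7.10.1.20"),
        ("Dell PowerProtect DD family", "7.11.0.0"),
        ("Dell PowerProtect DD family", "7.13.1.0"),
        ("iDRAC8", "2.84.84.84"),
        ("PowerProtect Data Manager Appliance DM5500", "5.16.00"),
    ]
    for product, ver in inventory:
        print(f"{product} {ver}: {triage(product, ver)}, "
              f"fix: {recommended_fix(product, ver)}")
```

Feed it the installed version strings from an asset inventory and act on every "vulnerable" result; the "same branch" rule is deliberately conservative, so a build sitting between two LTS lines is reported as vulnerable until it is moved onto a fixed line.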

 

Referenced Sites

[1] DSA-2024-279: Security Update for Data Protection Advisor for Multiple Vulnerabilities

https://www.dell.com/support/kbdoc/en-ca/000226456/dsa-2024-279-security-update-for-data-protection-advisor-for-multiple-vulnerabilities

[2] DSA-2024-250: Security Update for Dell Avamar, Dell Integrated Data Protection Appliance (IDPA) Security Update for Multiple Vulnerabilities

https://www.dell.com/support/kbdoc/ko-kr/000226426/dsa-2024-250-security-update-for-dell-avamar-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities

[3] DSA-2024-219: Dell Technologies PowerProtect DD Security Update for Multiple Security Vulnerabilities

https://www.dell.com/support/kbdoc/ko-kr/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities

[4] DSA-2024-089: Security Update for Dell iDRAC8 Local RACADM Vulnerability

https://www.dell.com/support/kbdoc/ko-kr/000222591/dsa-2024-089-security-update-for-dell-idrac8-local-racadm-vulnerability