Dell Family April 2024 Security Update Advisory

Overview

 

Dell has released updates to address vulnerabilities in its products. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2023-48671, CVE-2023-48660, CVE-2023-48664, CVE-2023-48665, CVE-2023-48663, CVE-2023-48662

  • Unisphere for PowerMax Virtual Appliance versions prior to 9.2.4.7
  • Solutions Enabler Virtual Appliance versions prior to 9.2.4.5
  • Dell PowerMax EEM Embedded Management version 5978

 

CVE-2024-28976

  • Dell Repository Manager versions prior to 3.4.5

 

CVE-2024-25955, CVE-2024-25946

  • Unisphere for PowerMax Virtual Appliance versions prior to 9.2.4.9
  • Solutions Enabler Virtual Appliance versions prior to 9.2.4.6
  • Dell PowerMax EEM Embedded Management version 5978

 

CVE-2024-0161

  • Dell EMC VxRail Appliance 8.0.x versions prior to 8.0.211

 

Resolved Vulnerabilities

 

Information Disclosure Vulnerability in Dell vApp Manager (CVE-2023-48671)

Arbitrary file read vulnerability in Dell vApp Manager (CVE-2023-48660)

Command Injection Vulnerabilities in Dell vApp Manager (CVE-2023-48664, CVE-2023-48665, CVE-2023-48663, CVE-2023-48662, CVE-2024-25955, CVE-2024-25946)

Path traversal vulnerability in the API module in Dell Repository Manager (CVE-2024-28976)

Improper SMM Communication Buffer Check Vulnerability in Dell PowerEdge Server BIOS and Dell Precision Rack BIOS (CVE-2024-0161)

 

Vulnerability Patches

 

Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.

 

CVE-2023-48671, CVE-2023-48660, CVE-2023-48664, CVE-2023-48665, CVE-2023-48663, CVE-2023-48662

  • Unisphere for PowerMax Virtual Appliance version 9.2.4.7
  • Solutions Enabler Virtual Appliance version 9.2.4.5
  • Dell PowerMax EEM Embedded Management version 5978.714.714 Patch 10120

 

CVE-2024-28976

  • Dell Repository Manager version 3.4.5

 

CVE-2024-25955, CVE-2024-25946

  • Unisphere for PowerMax Virtual Appliance version 9.2.4.9
  • Solutions Enabler Virtual Appliance version 9.2.4.6
  • Dell PowerMax EEM Embedded Management version 5978.714.714 Patch 10318

 

CVE-2024-0161

  • Dell EMC VxRail Appliance version 8.0.211

 

Referenced Sites

 

[1] DSA-2023-443: Dell PowerMaxOS 5978, Dell Unisphere 360, Dell Unisphere for PowerMax, Dell Unisphere for PowerMax Virtual Appliance, Dell Solutions Enabler Virtual Appliance, and Dell PowerMax EEM Security Update for Multiple Vulnerabilities

https://www.dell.com/support/kbdoc/ko-kr/000220427/dsa-2023-443-dell-powermaxos-5978-dell-unisphere-360-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-solutions-enabler-virtual-appliance-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities

[2] DSA-2024-189: Security Update for Dell Repository Manager Vulnerability

https://www.dell.com/support/kbdoc/ko-kr/000224412/dsa-2024-189-security-update-for-dell-repository

[3] DSA-2024-108: Dell PowerMaxOS 5978, Dell PowerMax OS 10.0.1.5, Dell PowerMax OS 10.1.0.2, Dell Unisphere 360, Unisphere PowerMax, Unisphere PowerMax vApp, Dell Solutions Enabler vApp, and Dell PowerMax EEM Security Update for Multiple Vulnerabilities

https://www.dell.com/support/kbdoc/ko-kr/000223609/dsa-2024-108-dell-powermaxos-5978-dell-powermax-os-10-0-1-5-dell-powermax-os-10-1-0-2-dell-unisphere-360-unisphere-powermax-unisphere-powermax-vapp-dell-solutions-enabler-vapp-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities

[4] DSA-2024-178: Security Update for Dell VxRail 8.0.211 Multiple Third-Party Component Vulnerabilities

https://www.dell.com/support/kbdoc/ko-kr/000224302/dsa-2024-178-security-update-for-dell-vxrail-8-0-211-multiple-third-party-component-vulnerabilities