Dell Family May 2024 1st Security Update Advisory

Overview

We have released updates to fix vulnerabilities in the Dell family of products. Users of affected versions are advised to update to the latest version.

Affected Products

CVE-2022-34440, CVE-2022-34441, CVE-2022-34442, CVE-2022-34462

  • Dell SCG Policy Manager Version: 5.12.00.00

CVE-2024-25959

  • PowerScale OneFS Versions: 9.4.0.0 (inclusive) to 9.4.0.16 (inclusive)
  • PowerScale OneFS Versions: 9.5.0.0 (inclusive) to 9.5.0.7 (inclusive)
  • PowerScale OneFS Versions: 9.7.0.0 (inclusive) to 9.7.0.1 (inclusive)

CVE-2024-25960

  • PowerScale OneFS Versions: 8.2.2 (inclusive) to 9.3.0.0 (inclusive)
  • PowerScale OneFS Versions: 9.4.0.0 (inclusive) to 9.4.0.16 (inclusive)
  • PowerScale OneFS Versions: 9.5.0.0 (inclusive) to 9.5.0.7 (inclusive)
  • PowerScale OneFS Versions: 9.6.1.0 (inclusive) to 9.7.0.0 (inclusive)
  • PowerScale OneFS Versions: 9.7.0.0 (inclusive) to 9.7.0.1 (inclusive)

CVE-2023-48663, CVE-2023-48671, CVE-2023-48665, CVE-2023-48664, CVE-2023-48662, CVE-2023-48660

  • Unisphere for PowerMax Virtual Appliance Versions: all versions prior to 9.2.4.7 (9.2.4.7 excluded)
  • Solutions Enabler Virtual Appliance Versions: all versions prior to 9.2.4.5 (9.2.4.5 excluded)
  • Dell PowerMax EEM Version: 5978

Resolved Vulnerabilities

Hard-coded encryption key vulnerabilities in Dell EMC SCG Policy Manager (CVE-2022-34440, CVE-2022-34441, CVE-2022-34442, CVE-2022-34462)

Insertion of sensitive information into log files vulnerability in Dell PowerScale OneFS (CVE-2024-25959)

Plaintext transmission of sensitive information vulnerability in Dell PowerScale OneFS (CVE-2024-25960)

Command injection vulnerabilities in Dell vApp Manager (CVE-2023-48663, CVE-2023-48664, CVE-2023-48662)

Information disclosure vulnerabilities in Dell vApp Manager (CVE-2023-48671, CVE-2023-48665)

Arbitrary file read vulnerability in Dell vApp Manager (CVE-2023-48660)

Vulnerability Patches

Patches for these vulnerabilities are included in the latest updates. Follow the instructions on the referenced sites to update to the patched versions listed below.

CVE-2022-34440, CVE-2022-34441, CVE-2022-34442, CVE-2022-34462

  • Dell SCG Policy Manager Version: 5.14.00.00

CVE-2024-25959

  • PowerScale OneFS Version: 9.4.0.17
  • PowerScale OneFS Version: 9.5.0.7
  • PowerScale OneFS Version: 9.7.0.2

CVE-2024-25960

  • PowerScale OneFS Version: 9.4.0.17 or later
  • PowerScale OneFS Version: 9.5.0.8 or later
  • PowerScale OneFS Version: 9.7.0.2 or later

CVE-2023-48663, CVE-2023-48671, CVE-2023-48665, CVE-2023-48664, CVE-2023-48662, CVE-2023-48660

  • Unisphere for PowerMax Virtual Appliance Version: 9.2.4.7
  • Solutions Enabler Virtual Appliance Version: 9.2.4.5
  • Dell PowerMax EEM Version: 5978.714.714 Patch 10120
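The affected and patched builds above are given as inclusive/exclusive ranges, and the OneFS ranges overlap at a boundary (9.7.0.0 appears in two lines for CVE-2024-25960). Comparing version strings lexicographically gets this wrong ("9.4.0.9" sorts after "9.4.0.16" as text), so a triage script needs numeric, zero-padded comparison. The following is an added example and not Dell's tooling: the OneFS ranges are copied from this advisory, while the function and class names are this example's own. The 9.5 line of CVE-2024-25959 is left out because the advisory lists 9.5.0.7 both as affected and as the patched build; check that line against DSA-2024-115 before relying on it.

```python
"""Version-range triage for an advisory like this one.
Added example (not Dell's tooling); the ranges below are copied from the
PowerScale OneFS entries of this advisory, everything else is illustrative."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def parse_version(text: str) -> Tuple[int, ...]:
    """'9.4.0.16' -> (9, 4, 0, 16). Every part must be numeric so that the
    comparison is numeric: as strings, '9.4.0.9' would sort after '9.4.0.16'."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def _pad(v: Tuple[int, ...], n: int) -> Tuple[int, ...]:
    """Right-pad with zeros so '8.2.2' and '8.2.2.0' compare as equal."""
    return v + (0,) * (n - len(v))


@dataclass(frozen=True)
class VersionRange:
    cve: str
    low: str
    high: str
    low_inclusive: bool = True
    high_inclusive: bool = True
    fixed_in: Optional[str] = None  # None: the advisory lists no fixed build for this line

    def contains(self, version: str) -> bool:
        v, lo, hi = (parse_version(x) for x in (version, self.low, self.high))
        n = max(len(v), len(lo), len(hi))
        v, lo, hi = _pad(v, n), _pad(lo, n), _pad(hi, n)
        above = v >= lo if self.low_inclusive else v > lo
        below = v <= hi if self.high_inclusive else v < hi
        return above and below


# Affected ranges and fixed builds as listed in this advisory for PowerScale OneFS.
ONEFS_ADVISORY: List[VersionRange] = [
    VersionRange("CVE-2024-25959", "9.4.0.0", "9.4.0.16", fixed_in="9.4.0.17"),
    VersionRange("CVE-2024-25959", "9.7.0.0", "9.7.0.1", fixed_in="9.7.0.2"),
    VersionRange("CVE-2024-25960", "8.2.2", "9.3.0.0"),
    VersionRange("CVE-2024-25960", "9.4.0.0", "9.4.0.16", fixed_in="9.4.0.17"),
    VersionRange("CVE-2024-25960", "9.5.0.0", "9.5.0.7", fixed_in="9.5.0.8"),
    VersionRange("CVE-2024-25960", "9.6.1.0", "9.7.0.0"),
    VersionRange("CVE-2024-25960", "9.7.0.0", "9.7.0.1", fixed_in="9.7.0.2"),
]


def assess(installed: str, ranges: List[VersionRange]) -> Dict[str, Optional[str]]:
    """Map each CVE whose range covers `installed` to the fixed build to move to.
    Advisory ranges can overlap at a boundary (9.7.0.0 is in two lines above);
    when they do, prefer the range that names a fixed build."""
    hits: Dict[str, Optional[str]] = {}
    for r in ranges:
        if r.contains(installed):
            if r.cve not in hits or hits[r.cve] is None:
                hits[r.cve] = r.fixed_in
    return hits


if __name__ == "__main__":
    for build in ("9.4.0.9", "9.4.0.17", "9.7.0.0", "9.6.1.5"):
        print(build, assess(build, ONEFS_ADVISORY))
```

Feed it the build string reported by the appliance and it returns, per CVE, the patched build to move to, or `None` where the advisory names no fixed build for that line (the 8.2.2 to 9.3.0.0 and 9.6.1.0 to 9.7.0.0 lines), which is the case to escalate rather than assume clean. The `high_inclusive=False` flag covers the "prior to 9.2.4.7 (excluded)" style used for the vApp Manager entries.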

Referenced Sites

[1] DSA-2022-273: Dell Secure Connect Gateway (SCG) Policy Manager Security Update for Multiple Proprietary Code Vulnerabilities

https://www.dell.com/support/kbdoc/ko-kr/000204995/dsa-2022-273-dell-secure-connect-gateway-policy-manager-security-update-for-multiple-proprietary-code-vulnerabilities

[2] DSA-2024-115: Security Update for Dell PowerScale OneFS for Multiple Security Vulnerabilities

https://www.dell.com/support/kbdoc/ko-kr/000223366/dsa-2024-115-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities

[3] DSA-2023-443: Dell PowerMaxOS 5978, Dell Unisphere 360, Dell Unisphere for PowerMax, Dell Unisphere for PowerMax Virtual Appliance, Dell Solutions Enabler Virtual Appliance, and Dell PowerMax EEM Security Update for Multiple Vulnerabilities

https://www.dell.com/support/kbdoc/ko-kr/000220427/dsa-2023-443-dell-powermaxos-5978-dell-unisphere-360-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-solutions-enabler-virtual-appliance-and-dell-powermax-eem-security-update-for-multiple-vulnerabilities