Dell Product Security Update Advisory

Overview

Updates have been released to address vulnerabilities in Dell products. Users of the affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-39585, CVE-2024-38486

  • Dell SmartFabric OS10 Software versions: 10.5.5.4 through 10.5.5.10 (both inclusive)
  • Dell SmartFabric OS10 Software versions: 10.5.6.x

 

CVE-2024-39583, CVE-2024-39581

  • Dell PowerScale InsightIQ versions: 5.0 through 5.1 (both inclusive)

 

CVE-2024-42427

  • Dell ThinOS versions: 2402, 2405

 

Resolved Vulnerabilities

 

Use of a hardcoded password that could allow an attacker to forge client-side requests and disclose information (CVE-2024-39585)

Improper neutralization of special elements that could allow an attacker to execute commands (CVE-2024-38486)

Use of a compromised or insecure cryptographic algorithm that could allow an attacker with remote access to escalate privileges (CVE-2024-39583)

File or directory vulnerability that could allow an attacker with remote access to read, modify, or delete arbitrary files (CVE-2024-39581)

Command injection vulnerability that could allow an attacker with physical access to escalate privileges (CVE-2024-42427)

 

Vulnerability Patches

 

The following product-specific patches have been made available in the latest update. If you are using an affected version, please follow the instructions on the referenced sites to update to the latest patched version.

 

CVE-2024-39585, CVE-2024-38486

  • Dell SmartFabric OS10 Software version: 10.5.5.11
  • Dell SmartFabric OS10 Software version: 10.5.6.4

 

CVE-2024-39583, CVE-2024-39581

  • Dell PowerScale InsightIQ version: 5.1.1 or later

 

CVE-2024-42427

  • Dell ThinOS version: 2408

 

 

References

[1] DSA-2024-377: Security Update for Dell Networking OS10 Vulnerability

https://www.dell.com/support/kbdoc/en-us/000228357/dsa-2024-377-security-update-for-dell-networking-os10-vulnerability

[2] DSA-2024-376: Security Update for Dell Networking OS10 Vulnerability

https://www.dell.com/support/kbdoc/en-us/000228355/dsa-2024-376-security-update-for-dell-networking-os10-vulnerability

[3] DSA-2024-360: Security Update for Dell PowerScale InsightIQ for Multiple Security Vulnerabilities

https://www.dell.com/support/kbdoc/en-us/000228412/dsa-2024-360-security-update-for-dell-powerscale-insightiq-for-multiple-security-vulnerabilities

[4] DSA-2024-386: Security Update for Dell ThinOS for a Command Injection Vulnerability

https://www.dell.com/support/kbdoc/en-us/000228350/dsa-2024-386