Dell Product Security Update Advisory

Overview

 

An update has been released to address vulnerabilities in a Dell product. Users of the affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-45763, CVE-2024-45764, CVE-2024-45765

  • Dell Enterprise SONiC Distribution: versions up to, but not including, 4.1.6
  • Dell Enterprise SONiC Distribution: versions up to, but not including, 4.2.2

 

 

Resolved Vulnerabilities

 

A command injection vulnerability that could allow remote attackers with elevated privileges to execute commands (CVE-2024-45763)

A vulnerability caused by missing critical steps in the authentication process that could allow remote, unauthenticated attackers to bypass protection mechanisms (CVE-2024-45764)

A command injection vulnerability that could be exploited by a high-privileged user to execute OS commands with low privileges (CVE-2024-45765)

 

 

Vulnerability Patches

 

Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the patched version.

 

CVE-2024-45763, CVE-2024-45764, CVE-2024-45765

  • Dell Enterprise SONiC Distribution version: 4.1.6
  • Dell Enterprise SONiC Distribution version: 4.2.2

 

 

Reference Sites

 

[1] DSA-2024-449: Security Update for Dell Enterprise SONiC Distribution Vulnerabilities

https://www.dell.com/support/kbdoc/ko-kr/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities