Dell Product Line Security Update Advisory

Overview

 

An update has been released to address vulnerabilities in the Dell product line. Users of the affected versions are advised to update to the latest version.

Affected Products

 

CVE-2024-49600

  • Dell Power Manager: versions prior to 3.17

CVE-2024-37143, CVE-2024-37144

  • Dell PowerFlex appliance: versions prior to 46.381.00
  • Dell PowerFlex appliance: versions prior to 46.376.00
  • Dell PowerFlex rack: versions prior to 3.8.1.0
  • Dell PowerFlex rack: versions prior to 3.7.6.0
  • Dell PowerFlex custom node: versions prior to 4.6.1.0
  • Dell InsightIQ: versions prior to 5.1.1
  • Dell Data Lakehouse: versions prior to 1.2.0.0

CVE-2024-47977, CVE-2024-47484, CVE-2024-52538

  • Dell Avamar Server versions: 19.4, 19.7, 19.8, 19.9, 19.10, 19.10SP1
  • Dell Avamar Data Store Gen5A, Gen4T versions: 19.4, 19.7, 19.8, 19.9, 19.10, 19.10SP1

 

 

Resolved Vulnerabilities

 

Improper access control vulnerability that could allow a low-privileged local user to execute code and cause privilege escalation (CVE-2024-49600)

Improper link resolution before file access that could allow an unauthenticated attacker with remote access to execute arbitrary code on the system (CVE-2024-37143)

A vulnerability that could allow a highly privileged attacker with local access to use publicly disclosed information to gain unauthorized access to pods in the cluster (CVE-2024-37144)

Improper neutralization of special elements that could allow a low-privileged attacker with remote access to execute commands (CVE-2024-47977, CVE-2024-47484)

Improper sanitization of special elements that could allow a low-privileged attacker with remote access to inject scripts (CVE-2024-52538)

 

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Follow the instructions on the Referenced Sites to update to the latest patched version.

CVE-2024-49600

  • Dell Power Manager: version 3.17 or later

CVE-2024-37143, CVE-2024-37144

  • Dell PowerFlex appliance: version 46.381.00 or later
  • Dell PowerFlex appliance: version 46.376.00 or later
  • Dell PowerFlex rack: version 3.8.1.0 or later
  • Dell PowerFlex rack: version 3.7.6.0 or later
  • Dell PowerFlex custom node: version 4.6.1.0 or later
  • Dell InsightIQ: version 5.1.1 or later
  • Dell Data Lakehouse: version 1.2.0.0 or later

CVE-2024-47977, CVE-2024-47484, CVE-2024-52538

  • Dell Avamar Server version: Avamar CHF 338869 on 19.10, 19.10SP1
  • Dell Avamar Data Store Gen5A, Gen4T versions: Avamar CHF 338869 on 19.10, 19.10SP1

 

 

Referenced Sites

 

[1] DSA-2024-439: Security Update for Dell Power Manager for an Improper Access Control Vulnerability

https://www.dell.com/support/kbdoc/ko-kr/000244438/dsa-2024-439

[2] DSA-2024-405: Security Update for Dell Products for Multiple Vulnerabilities

https://www.dell.com/support/kbdoc/ko-kr/000258342/dsa-2024-405-security-update-for-dell-products-for-multiple-vulnerabilities

[3] DSA-2024-489: Security update for Dell Avamar and Dell Avamar Virtual Edition Security Update for Multiple Vulnerabilities.

https://www.dell.com/support/kbdoc/en-us/000258636/dsa-2024-489-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-security-update-for-multiple-vulnerabilities