Dell Product Security Update Advisory
Overview
We have released security updates to fix vulnerabilities in Dell products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2024-47978, CVE-2024-53291
- NativeEdge Orchestrator versions: up to 2.1.0.0 (inclusive)
CVE-2024-52535
- SupportAssist for Home PCs versions: up to 4.6.2 (excluded)
- SupportAssist for Business PCs versions: up to 4.5.1 (excluded)
CVE-2024-51540
- Dell ECS versions: up to 3.8.1.3 (excluded)
Resolved Vulnerabilities
Unnecessary privilege execution vulnerability that could allow a low privileged attacker with local access to cause privilege escalation (CVE-2024-47978)
Sensitive information disclosure vulnerability that could allow an unauthenticated attacker with remote access to exfiltrate information (CVE-2024-53291)
Symbolic link attack vulnerability in software modification components (CVE-2024-52535)
Arithmetic overflow vulnerability in the handling of retention periods (CVE-2024-51540)
Vulnerability Patches
Patches for these vulnerabilities have been made available in the latest updates. Please follow the instructions on the referenced sites to update to the latest patched version.
CVE-2024-47978, CVE-2024-53291
- NativeEdge Orchestrator version: 2.2.0.0
CVE-2024-52535
- SupportAssist for Home PCs version: 4.6.2 or later
- SupportAssist for Business PCs version: 4.5.1 or later
CVE-2024-51540
- Dell ECS version: 3.8.1.3 or later
References
[1] DSA-2024-488: Security Update for Dell NativeEdge Multiple Vulnerabilities
[2] DSA-2024-470: Security Update for Dell SupportAssist for Home PC and Dell SupportAssist for Business PC Vulnerabilities
[3] DSA-2024-483: Security Update for Dell ECS Multiple Vulnerabilities