1 Rookie
•
3 Posts
0
43
April 16th, 2025 16:23
ME4024, ME4084 - CVE-2024-6387
I am unable to find any documentation from Dell regarding CVE-2024-6387 and the PowerVault product line. Looking to find out how this vulnerability was addressed as there has been no updates to firmware since 03 JAN 2024.
No Events found!
DELL-Charles R
Moderator
Moderator
•
4.3K Posts
1
April 16th, 2025 20:45
Hello,
This should help:
ME4, ME5: CVE-2024-6387 - Security scanners may report false positive result
Summary: Some security scanners may report PowerVault ME4 series and PowerVault ME5 series arrays on latest available firmware are vulnerable to exploits as described under CVE-2024-6387
Knowledge Article #000226973
ME4, ME5: CVE-2024-6387 - Security scanners may report false positive result
https://www.dell.com/support/kbdoc/en-us/000226973
You may have to log in to view this article. Below is the Resolution statement:
Resolution:
PowerVault ME series arrays use glibc library version 2.25 (released in February 2017). This version is not vulnerable to the exploit outlined in CVE-2024-6387.
DellMeAboutYourStorage
1 Rookie
1 Rookie
•
3 Posts
0
April 16th, 2025 20:50
@DELL-Charles R Thanks, Charles. I attempted to view the article, but it tells me that the page is no longer found and has been moved. Any chance you can paste the contents of that article into this post?
DELL-Joey C
Moderator
Moderator
•
3.8K Posts
1
April 17th, 2025 03:02
Hi,
The article has not much content, only stating that there are report of scan on vulnerable to exploit listed as CVE-2024-6387.
And ME4 & ME5: PowerVault ME series arrays use glibc library version 2.25 (released in February 2017). This version is not vulnerable to the exploit outlined in CVE-2024-6387.
Charles has already provided the information below his reply which is the same.