DSA-2025-193: Security Update for Dell PowerFlex Appliance Multiple Third-Party Component Vulnerabilities
Summary: Dell PowerFlex Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
Critical
Details
| Third-party Component | CVEs | More Information |
| Dell PowerEdge Server BIOS | CVE-2024-24980, CVE-2024-24853, CVE-2023-22351, CVE-2024-21871, CVE-2023-25546, CVE-2023-42772, CVE-2024-21829, CVE-2024-21781, CVE-2023-41833, CVE-2023-43753, CVE-2024-23984, CVE-2024-24968, CVE-2024-21853, CVE-2024-38303, CVE-2024-38304, CVE-2024-21820, CVE-2024-23918, CVE-2024-25565, CVE-2024-36242, CVE-2024-24985, CVE-2024-22185, CVE-2024-21944, CVE-2024-27457, CVE-2024-21925, CVE-2024-21924, CVE-2024-21936, CVE-2024-21935, CVE-2024-21927, CVE-2023-20508, CVE-2023-20582, CVE-2023-20581, CVE-2023-31345, CVE-2024-56161, CVE-2024-38796, CVE-2024-36347, CVE-2023-20599 | DSA-2024-308, DSA-2024-383, DSA-2024-309, DSA-2024-310, DSA-2024-385, DSA-2025-085, DSA-2024-404, DSA-2025-040, DSA-2025-038, DSA-2025-112 |
| iDRAC | CVE-2023-52340, CVE-2024-42154 | DSA-2024-460 |
| Apache MINA | CVE-2024-52046 | https://nvd.nist.gov/vuln/search |
| Intel Adapters | CVE-2024-24852, CVE-2024-36274 | DSA-2025-042 |
| Cisco Switches | CVE-2024-6387, CVE-2024-20286, CVE-2024-20285, CVE-2024-20284, CVE-2024-20289, CVE-2024-20413, CVE-2024-20411, CVE-2024-20397 | https://nvd.nist.gov/vuln/search |
| VMware ESXi | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | VMSA-2025-0004 |
| OpenSSH | CVE-2023-38408 | https://nvd.nist.gov/vuln/search |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-36610 | Dell PowerFlex Manager, versions 4.6.1 and prior, contains an SMB Signing not required vulnerability. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to a man-in-the-middle attack. | 6.3 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Affected Products and Remediation
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| PowerFlex Appliance | IC | Versions prior to 46.377.00 | Version 46.377.00 or later | IC release |
| PowerFlex Appliance | IC | Versions prior to 46.382.00 | Version 46.382.00 or later | IC release |
For a manual upgrade of PowerFlex Appliance, see this link:
https://www.dell.com/support/home/en-us/product-support/product/powerflex-appliance-int-ca-sw/drivers
Revision History
| Revision | Date | Description |
| 1.0 | 2025-05-01 | Initial Release |
| 2.0 | 2025-05-08 | Minor edit |
| 3.0 | 2025-07-17 | Added information for CVE-2023-20599 |
| 4.0 | 2025-07-17 | Added information for CVE-2025-36610 |
| 5.0 | 2025-11-24 | Added information for CVE-2023-38408 |
Affected Products
PowerFlex Appliance, PowerFlex appliance Intelligent Catalog Software
Article Properties
Article Number: 000315712
Article Type: Dell Security Advisory
Last Modified: 24 Nov 2025