DSA-2025-154: Security Update for Dell ECS and ObjectScale Use of Hard-coded SSH Cryptographic Key Vulnerability

Résumé: Dell ECS and ObjectScale remediation is available for use of hard-coded SSH cryptographic key vulnerability that could be exploited by malicious users to compromise the affected system. ...

Cet article concerne Cet article ne concerne pas Cet article n’est associé à aucun produit spécifique. Toutes les versions du produit ne sont pas identifiées dans cet article.
Consulter d’autres ressources

Impact

High

Détails supplémentaires

This Security Advisory communicates vulnerabilities affecting versions prior to ECS 3.8.1.5 and ObjectScale 4.0.0.0 only when those versions are reached through an upgrade path. Fresh installations of ECS 3.8.0.x, ECS 3.8.1.x and ObjectScale 4.0.0.x or later are not affected. To mitigate the vulnerabilities, customers must first upgrade to a remediated version, then perform the ‘Rotate SSH Keys’ procedure referenced in the ‘Workaround and Mitigation’ section.

Détails

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-26476 Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-26476 Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies recommande à tous les clients de prendre en compte à la fois le score de base CVSS et les scores temporels et environnementaux pertinents qui peuvent avoir un impact sur la gravité potentielle associée à une faille de sécurité donnée.

Produits concernés et mesure corrective

Product Affected Versions Remediated Versions Link
ECS Versions prior to 3.8.1.5 Version 3.8.1.5 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154
ObjectScale Version 4.0.0.0 Version 4.0.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154

 

Product Affected Versions Remediated Versions Link
ECS Versions prior to 3.8.1.5 Version 3.8.1.5 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154
ObjectScale Version 4.0.0.0 Version 4.0.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154

 

Notes:

  1. Dell recommends all customers have their ObjectScale/ ECS systems upgraded at the earliest opportunity by opening an “Operating Environment Upgrade” Service Request.
  2. Please visit the Security Update Release Schedule for Supported Versions of ObjectScale (formerly ECS) for more information regarding upcoming security releases.
  3. A fresh installation refers to the process of deploying Dell ECS or ObjectScale on a system where all previous configurations, data, and components have been completely removed. This term applies to both:
    1. New Installations: Installing ECS/ObjectScale on a clean, unused system.
    2. Re-installations: Re-deploying ECS/ObjectScale after wiping out an existing environment to return it to a clean state.

Solutions de contournement et mesures d’atténuation

CVE ID Workaround and Mitigation
CVE-2025-26476 Customers are required to upgrade to a remediated version first, then perform the ‘Rotate SSH Keys’ procedure to complete remediation as documented in KB 000339248: Dell ECS and Dell ObjectScale: Use of Hard Coded SSH Cryptographic Key Vulnerability Remediation.

 

Historique des révisions

RevisionDateDescription
1.02025-07-28Initial Release
2.02025-07-30Expanded product tagging and updated display text for KB 000339248

 

Informations connexes

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Mention légale

Produits concernés

ECS, ObjectScale, ECS Appliance, ECS Appliance Hardware Series, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ObjectScale Software with Encryption, ObjectScale Software without Encryption , ObjectScale Appliance Series, ObjectScale Software Series ...
Propriétés de l’article
Numéro d’article: 000339134
Type d’article: Dell Security Advisory
Dernière modification: 30 Jul 2025
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.