DSA-2025-154: Security Update for Dell ECS and ObjectScale Use of Hard-coded SSH Cryptographic Key Vulnerability

Oversigt: Dell ECS and ObjectScale remediation is available for use of hard-coded SSH cryptographic key vulnerability that could be exploited by malicious users to compromise the affected system. ...

Denne artikel gælder for Denne artikel gælder ikke for Denne artikel er ikke knyttet til et bestemt produkt. Det er ikke alle produktversioner, der er identificeret i denne artikel.
Udforsk andre ressourcer

Virkning

High

Yderligere oplysninger

This Security Advisory communicates vulnerabilities affecting versions prior to ECS 3.8.1.5 and ObjectScale 4.0.0.0 only when those versions are reached through an upgrade path. Fresh installations of ECS 3.8.0.x, ECS 3.8.1.x and ObjectScale 4.0.0.x or later are not affected. To mitigate the vulnerabilities, customers must first upgrade to a remediated version, then perform the ‘Rotate SSH Keys’ procedure referenced in the ‘Workaround and Mitigation’ section.

Oplysninger

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-26476 Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-26476 Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies anbefaler, at alle kunder tager hensyn til både CVSS-basisresultatet og alle relevante tidsmæssige og miljømæssige resultater, som kan have betydning for den potentielle alvorsgrad, der er forbundet med en bestemt sikkerhedsrisiko.

Berørte produkter og udbedring

Product Affected Versions Remediated Versions Link
ECS Versions prior to 3.8.1.5 Version 3.8.1.5 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154
ObjectScale Version 4.0.0.0 Version 4.0.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154

 

Product Affected Versions Remediated Versions Link
ECS Versions prior to 3.8.1.5 Version 3.8.1.5 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154
ObjectScale Version 4.0.0.0 Version 4.0.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154

 

Notes:

  1. Dell recommends all customers have their ObjectScale/ ECS systems upgraded at the earliest opportunity by opening an “Operating Environment Upgrade” Service Request.
  2. Please visit the Security Update Release Schedule for Supported Versions of ObjectScale (formerly ECS) for more information regarding upcoming security releases.
  3. A fresh installation refers to the process of deploying Dell ECS or ObjectScale on a system where all previous configurations, data, and components have been completely removed. This term applies to both:
    1. New Installations: Installing ECS/ObjectScale on a clean, unused system.
    2. Re-installations: Re-deploying ECS/ObjectScale after wiping out an existing environment to return it to a clean state.

Løsninger og afhjælpninger

CVE ID Workaround and Mitigation
CVE-2025-26476 Customers are required to upgrade to a remediated version first, then perform the ‘Rotate SSH Keys’ procedure to complete remediation as documented in KB 000339248: Dell ECS and Dell ObjectScale: Use of Hard Coded SSH Cryptographic Key Vulnerability Remediation.

 

Revisionshistorik

RevisionDateDescription
1.02025-07-28Initial Release
2.02025-07-30Expanded product tagging and updated display text for KB 000339248

 

Relaterede oplysninger

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Ansvarsfraskrivelse

Berørte produkter

ECS, ObjectScale, ECS Appliance, ECS Appliance Hardware Series, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ObjectScale Software with Encryption, ObjectScale Software without Encryption , ObjectScale Appliance Series, ObjectScale Software Series ...
Artikelegenskaber
Artikelnummer: 000339134
Artikeltype: Dell Security Advisory
Senest ændret: 30 jul. 2025
Find svar på dine spørgsmål fra andre Dell-brugere
Supportservices
Kontrollér, om din enhed er dækket af supportservices.