DSA-2024-239: Security Update Dell ECS 3.8.1.1 for Multiple Security Vulnerabilities

Zusammenfassung: Dell ECS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Dieser Artikel gilt für Dieser Artikel gilt nicht für Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden. In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Andere Ressourcen ansehen

Auswirkungen

Critical

Details

Third-Party Component CVEs More Information
apache/xerces-c CVE-2023-37536 https://nvd.nist.gov/vuln/detail/CVE-2023-37536This hyperlink is taking you to a website outside of Dell Technologies.
containerd CVE-2022-1996 https://nvd.nist.gov/vuln/detail/CVE-2022-1996This hyperlink is taking you to a website outside of Dell Technologies.
GNU GRUB CVE-2023-4692 https://nvd.nist.gov/vuln/detail/CVE-2023-4692This hyperlink is taking you to a website outside of Dell Technologies.
Java CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094 See NVD link below for Individual scores for each CVE.
https://nvd.nist.govThis hyperlink is taking you to a website outside of Dell Technologies.
Kernel CVE-2023-3090, CVE-2023-3863, CVE-2023-39198, CVE-2023-4622, CVE-2023-4623, CVE-2023-5717, CVE-2023-6270, CVE-2023-6931, CVE-2023-6932 See NVD link below for Individual scores for each CVE.
https://nvd.nist.govThis hyperlink is taking you to a website outside of Dell Technologies.
krb5/krb5 CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054This hyperlink is taking you to a website outside of Dell Technologies.
libTIFF CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965This hyperlink is taking you to a website outside of Dell Technologies.
nghttp2 CVE-2023-35945 https://nvd.nist.gov/vuln/detail/CVE-2023-35945This hyperlink is taking you to a website outside of Dell Technologies.
openSSH CVE-2023-48795, CVE-2023-51385 See NVD link below for Individual scores for each CVE.
https://nvd.nist.govThis hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678This hyperlink is taking you to a website outside of Dell Technologies.
Python CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2023-27043, CVE-2023-40217, CVE-2023-6597 See NVD link below for Individual scores for each CVE.
https://nvd.nist.govThis hyperlink is taking you to a website outside of Dell Technologies.
Vim CVE-2023-2610, CVE-2023-4733, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5535 See NVD link below for Individual scores for each CVE.
https://nvd.nist.govThis hyperlink is taking you to a website outside of Dell Technologies.
vorbis-tools CVE-2023-43361 https://nvd.nist.gov/vuln/detail/CVE-2023-43361This hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVE Description  CVSS Base Score
CVSS Vector String
CVE-2024-30473 Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVE Description  CVSS Base Score
CVSS Vector String
CVE-2024-30473 Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies empfiehlt allen Kunden, sowohl die CVSS-Gesamtbewertung als auch alle relevanten zeitlichen und umweltbezogenen Bewertungen zu berücksichtigen, die sich auf den potenziellen Schweregrad einer bestimmten Sicherheitsschwachstelle auswirken können.

Betroffene Produkte und Korrektur

Product Affected Versions Remediated Version Link to Update
Dell ECS Versions prior to 3.8.1.1 Version 3.8.1.1 https://www.dell.com/support/incidents-online/contactus/dynamic
Product Affected Versions Remediated Version Link to Update
Dell ECS Versions prior to 3.8.1.1 Version 3.8.1.1 https://www.dell.com/support/incidents-online/contactus/dynamic
Dell recommends all customers have their ECS systems upgraded at the earliest opportunity by opening a “Operating Environment Upgrade” Service Request.

Revisionsverlauf

RevisionDateDescription
1.02024-07-18Initial Release
2.02024-10-25Updated for enhanced presentation with no changes to content

Zugehörige Informationen

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Rechtlicher Hinweis

Betroffene Produkte

ECS, ECS Appliance, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ECS Software
Artikeleigenschaften
Artikelnummer: 000227051
Artikeltyp: Dell Security Advisory
Zuletzt geändert: 25 Okt. 2024
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.