Critical

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-47244 | Dell PowerFlex Manager versions prior to 3.8.8 for RCM train 3.6.x, and versions prior to 4.6.0.1 for RCM trains 3.7.x and 3.8.x, contain a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information exposure and Elevation of privileges. This vulnerability is considered critical as it could allow an attacker to take administrative actions within CloudLink and affect the encrypted storage devices stored in CloudLink. Dell recommends that customers upgrade at the earliest opportunity. Installations not leveraging CloudLink are not affected by CVE-2024-47244. | 9.0 | |

| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| PowerFlex rack | PowerFlex Manager | Versions prior to 3.8.8 | Version 3.8.8 | |
| PowerFlex rack | PowerFlex Manager | Versions prior to 4.6.0.1 | Version 4.6.0.1 | |
| PowerFlex appliance | PowerFlex Manager | Versions prior to 3.8.8 | Version 3.8.8 | |
| PowerFlex appliance | PowerFlex Manager | Versions prior to 4.6.0.1 | Version 4.6.0.1 | |

| CVE ID | Workaround and Mitigation |
|---|---|
| CVE-2024-47244 | For customers who are unable to upgrade PowerFlex Manager, follow the mitigation guidance in the below links: |

For complete remediation, customers who upgrade to PowerFlex Manager versions 3.8.8 or 4.6.0.1 should also perform the steps outlined in the below links:
Configurations not leveraging CloudLink are not affected by CVE-2024-47244.
In the case of manual upgrade for PowerFlex rack, please see this link:
https://www.dell.com/support/home/en-us/product-support/product/powerflex-rack-rcm-sw/drivers

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-10-07 | Initial Release |
| 2.0 | 2024-10-28 | Minor update to the CVE description. |