DSA-2024-413: Security Update for a Dell PowerFlex Manager Cleartext Storage of Sensitive Information Vulnerability

Summary: Dell PowerFlex Manager remediation is available for a vulnerability that could be exploited by malicious users to compromise the affected system.

Impact

Critical

Details

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-47244 | Dell PowerFlex Manager versions prior to 3.8.8 for RCM train 3.6.x, and versions prior to 4.6.0.1 for RCM trains 3.7.x and 3.8.x, contain a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information exposure and Elevation of privileges. This vulnerability is considered critical as it could allow an attacker to take administrative actions within CloudLink and affect the encrypted storage devices stored in CloudLink. Dell recommends that customers upgrade at the earliest opportunity. Installations not leveraging CloudLink are not affected by CVE-2024-47244. | 9.0 | |

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| PowerFlex rack | PowerFlex Manager | Versions prior to 3.8.8 | Version 3.8.8 | Code & Compatibility Knowledge Hub |
| PowerFlex rack | PowerFlex Manager | Versions prior to 4.6.0.1 | Version 4.6.0.1 | Code & Compatibility Knowledge Hub |
| PowerFlex appliance | PowerFlex Manager | Versions prior to 3.8.8 | Version 3.8.8 | Code & Compatibility Knowledge Hub |
| PowerFlex appliance | PowerFlex Manager | Versions prior to 4.6.0.1 | Version 4.6.0.1 | Code & Compatibility Knowledge Hub |

CVE ID

Workaround and Mitigation

CVE-2024-47244

Workarounds & Mitigations

For complete remediation, customers who upgrade to PowerFlex Manager version 3.8.8 or 4.6.0.1 should also perform the steps outlined in the links below:

Configurations not leveraging CloudLink are not affected by CVE-2024-47244.

In the case of manual upgrade for PowerFlex rack, please see this link:
https://www.dell.com/support/home/en-us/product-support/product/powerflex-rack-rcm-sw/drivers

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-10-07 | Initial Release |
| 2.0 | 2024-10-28 | Minor update to the CVE description. |

Related Information

Affected Products

PowerFlex appliance R650, PowerFlex appliance R6525, PowerFlex appliance R660, PowerFlex appliance R6625, PowerFlex appliance R640

Products

PowerFlex Appliance, PowerFlex appliance R750, PowerFlex appliance R760, PowerFlex appliance R7625, PowerFlex rack HW, PowerFlex rack RCM Software, PowerFlex Software, PowerFlex appliance R740XD, PowerFlex appliance R7525, PowerFlex appliance R840

Article Properties
Article Number: 000238943
Article Type: Dell Security Advisory
Last Modified: 28 Oct 2024