DSA-2024-413: Security Update for a Dell PowerFlex Manager Cleartext Storage of Sensitive Information Vulnerability
Summary: Dell PowerFlex Manager remediation is available for a vulnerability that could be exploited by malicious users to compromise the affected system.
Impact
Critical
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-47244 | Dell PowerFlex Manager versions prior to 3.8.8 for RCM train 3.6.x, and versions prior to 4.6.0.1 for RCM trains 3.7.x and 3.8.x, contain a Cleartext Storage of Sensitive Information vulnerability. A low-privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information exposure and elevation of privileges. The vulnerability is rated critical because it could allow an attacker to take administrative actions within CloudLink and affect the encrypted storage devices managed by CloudLink. Dell recommends that customers upgrade at the earliest opportunity. Installations not leveraging CloudLink are not affected by CVE-2024-47244. | 9.0 | |
Affected Products & Remediation
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| PowerFlex rack | PowerFlex Manager | Versions prior to 3.8.8 (RCM train 3.6.x) | Version 3.8.8 | |
| PowerFlex rack | PowerFlex Manager | Versions prior to 4.6.0.1 (RCM trains 3.7.x and 3.8.x) | Version 4.6.0.1 | |
| PowerFlex appliance | PowerFlex Manager | Versions prior to 3.8.8 (RCM train 3.6.x) | Version 3.8.8 | |
| PowerFlex appliance | PowerFlex Manager | Versions prior to 4.6.0.1 (RCM trains 3.7.x and 3.8.x) | Version 4.6.0.1 | |
Upgrading alone is not complete remediation: customers who upgrade to PowerFlex Manager 3.8.8 or 4.6.0.1 must also perform the steps in the following articles (Dell Support registered-user login required to view them):
- Supplemental Remediation and Workaround Details for CVE-2024-47244 for PowerFlex Manager Versions 3.8.x
- Supplemental Remediation and Workaround Details for CVE-2024-47244 for PowerFlex Manager Versions 4.x
Configurations not leveraging CloudLink are not affected by CVE-2024-47244.
For a manual upgrade of PowerFlex rack, see:
https://www.dell.com/support/home/en-us/product-support/product/powerflex-rack-rcm-sw/drivers
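The following Python script is an added triage example, not part of Dell's advisory or of PowerFlex Manager. It encodes the published version thresholds (3.8.8 for RCM train 3.6.x; 4.6.0.1 for RCM trains 3.7.x and 3.8.x) and the CloudLink condition so an inventory of PowerFlex Manager instances can be classified offline. The hostnames and inventory entries are constructed samples, and how you collect each manager's version, RCM version and CloudLink status from your own environment is an assumption outside the advisory. Note that the comparison is numeric and zero-padded: a plain string comparison would rank 3.8.10 below 3.8.8 and so misclassify a patched host.

```python
"""Triage helper for DSA-2024-413 / CVE-2024-47244 (added example, not Dell code)."""
from __future__ import annotations

# Remediated PowerFlex Manager version per RCM train, as published in the advisory.
# Any manager version below the threshold for its train is in the affected range.
REMEDIATED_BY_TRAIN: dict[str, tuple[int, ...]] = {
    "3.6": (3, 8, 8),
    "3.7": (4, 6, 0, 1),
    "3.8": (4, 6, 0, 1),
}


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '4.6.0.1' into (4, 6, 0, 1); reject anything that is not dotted integers."""
    parts = version.strip().split(".")
    if not parts or any(not p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def version_lt(a: tuple[int, ...], b: tuple[int, ...]) -> bool:
    """Numeric comparison with zero padding, so 4.6.0 < 4.6.0.1 and 3.8.10 > 3.8.8."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def rcm_train(rcm_version: str) -> str:
    """Reduce an RCM version such as '3.7.4' to the 'x.y' train the advisory keys on."""
    parts = parse_version(rcm_version)
    if len(parts) < 2:
        raise ValueError(f"RCM version needs at least major.minor: {rcm_version!r}")
    return f"{parts[0]}.{parts[1]}"


def assess(manager_version: str, rcm_version: str, uses_cloudlink: bool) -> str:
    """Classify one PowerFlex Manager instance against DSA-2024-413.

    Returns one of:
      'out-of-scope'  - RCM train not listed in the advisory; check other guidance
      'remediated'    - at or above the fixed version for its train (the supplemental
                        steps in the advisory are still required for CloudLink users)
      'not-affected'  - below the fixed version but CloudLink is not in use
      'affected'      - below the fixed version and CloudLink is in use
    """
    fixed = REMEDIATED_BY_TRAIN.get(rcm_train(rcm_version))
    if fixed is None:
        return "out-of-scope"
    if not version_lt(parse_version(manager_version), fixed):
        return "remediated"
    if not uses_cloudlink:
        return "not-affected"
    return "affected"


def triage(inventory: list[tuple[str, str, str, bool]]) -> dict[str, str]:
    """Map host name -> status for (host, manager_version, rcm_version, uses_cloudlink)."""
    return {host: assess(mgr, rcm, cl) for host, mgr, rcm, cl in inventory}


# Constructed sample inventory; these are not real hosts.
SAMPLE_INVENTORY = [
    ("pfxm-rack-01", "3.8.7", "3.6.2", True),    # below 3.8.8 on train 3.6 -> affected
    ("pfxm-rack-02", "3.8.10", "3.6.2", True),   # above 3.8.8; string compare would get this wrong
    ("pfxm-appl-01", "4.6.0", "3.7.1", True),    # 4.6.0 is still below 4.6.0.1 -> affected
    ("pfxm-appl-02", "4.6.0.1", "3.8.0", True),  # fixed version on train 3.8
    ("pfxm-appl-03", "4.5.0", "3.8.0", False),   # vulnerable range but no CloudLink
    ("pfxm-lab-01", "4.6.0", "3.5.0", True),     # RCM train not covered by the advisory
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Feed `triage` the tuples from your own CMDB or PowerFlex Manager inventory export; hosts reported as `remediated` still need the supplemental steps from the articles above if they use CloudLink.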
Workarounds & Mitigations
| CVE ID | Workaround and Mitigation |
|---|---|
| CVE-2024-47244 | Customers who are unable to upgrade PowerFlex Manager should follow the mitigation guidance in the Supplemental Remediation and Workaround Details articles listed under Affected Products & Remediation above (Dell Support registered-user login required). |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-10-07 | Initial release. |
| 2.0 | 2024-10-28 | Minor update to the CVE description. |
| 3.0 | 2025-05-07 | Updated for enhanced presentation with no changes to content. |