DSA-2024-239: Security Update Dell ECS 3.8.1.1 for Multiple Security Vulnerabilities

Summary: Dell ECS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Third-Party Component CVEs More Information
apache/xerces-c CVE-2023-37536 https://nvd.nist.gov/vuln/detail/CVE-2023-37536This hyperlink is taking you to a website outside of Dell Technologies.
containerd CVE-2022-1996 https://nvd.nist.gov/vuln/detail/CVE-2022-1996This hyperlink is taking you to a website outside of Dell Technologies.
GNU GRUB CVE-2023-4692 https://nvd.nist.gov/vuln/detail/CVE-2023-4692This hyperlink is taking you to a website outside of Dell Technologies.
Java CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094 See NVD link below for Individual scores for each CVE.
https://nvd.nist.govThis hyperlink is taking you to a website outside of Dell Technologies.
Kernel CVE-2023-3090, CVE-2023-3863, CVE-2023-39198, CVE-2023-4622, CVE-2023-4623, CVE-2023-5717, CVE-2023-6270, CVE-2023-6931, CVE-2023-6932 See NVD link below for Individual scores for each CVE.
https://nvd.nist.govThis hyperlink is taking you to a website outside of Dell Technologies.
krb5/krb5 CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054This hyperlink is taking you to a website outside of Dell Technologies.
libTIFF CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965This hyperlink is taking you to a website outside of Dell Technologies.
nghttp2 CVE-2023-35945 https://nvd.nist.gov/vuln/detail/CVE-2023-35945This hyperlink is taking you to a website outside of Dell Technologies.
openSSH CVE-2023-48795, CVE-2023-51385 See NVD link below for Individual scores for each CVE.
https://nvd.nist.govThis hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678This hyperlink is taking you to a website outside of Dell Technologies.
Python CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2023-27043, CVE-2023-40217, CVE-2023-6597 See NVD link below for Individual scores for each CVE.
https://nvd.nist.govThis hyperlink is taking you to a website outside of Dell Technologies.
Vim CVE-2023-2610, CVE-2023-4733, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5535 See NVD link below for Individual scores for each CVE.
https://nvd.nist.govThis hyperlink is taking you to a website outside of Dell Technologies.
vorbis-tools CVE-2023-43361 https://nvd.nist.gov/vuln/detail/CVE-2023-43361This hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVE Description  CVSS Base Score
CVSS Vector String
CVE-2024-30473 Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVE Description  CVSS Base Score
CVSS Vector String
CVE-2024-30473 Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Versions Remediated Version Link to Update
Dell ECS Versions prior to 3.8.1.1 Version 3.8.1.1 https://www.dell.com/support/incidents-online/contactus/dynamic
Product Affected Versions Remediated Version Link to Update
Dell ECS Versions prior to 3.8.1.1 Version 3.8.1.1 https://www.dell.com/support/incidents-online/contactus/dynamic
Dell recommends all customers have their ECS systems upgraded at the earliest opportunity by opening a “Operating Environment Upgrade” Service Request.

Revision History

RevisionDateDescription
1.02024-07-18Initial Release
2.02024-10-25Updated for enhanced presentation with no changes to content

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

ECS, ECS Appliance, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ECS Software
Article Properties
Article Number: 000227051
Article Type: Dell Security Advisory
Last Modified: 25 Oct 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.