DSA-2024-387: Security Update for Multiple Dell ThinOS Vulnerabilities

Summary: Dell ThinOS remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Third-party Component CVEs More Information
Liquidware CVE-2023-52425, CVE-2023-52426 See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Cisco Jabber CVE-2023-52355, CVE-2024-25062 See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Cisco Webex App VDI CVE-2023-51714, CVE-2022-41409, CVE-2021-38593, CVE-2021-45930, CVE-2022-25255, CVE-2022-25634, CVE-2023-24607, CVE-2023-32573, CVE-2023-33285, CVE-2023-32762, CVE-2023-32763, CVE-2023-34410, CVE-2023-38197, CVE-2023-37369, CVE-2023-43114, CVE-2023-7104, CVE-2021-37600, CVE-2022-0563, CVE-2021-3995, CVE-2021-3996, CVE-2022-37434, CVE-2023-45853 See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
Zoom Universal CVE-2023-43114, CVE-2023-51714 See NVD link below for individual scores for each CVE.
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVE IDs Product Software/
Firmware		 Affected Versions Remediated Versions Release Date (MM/DD/YYYY) Link
CVE-2023-52425, CVE-2023-52426 ThinOS Liquidware
 
 		 Liquidware_Stratusphere_UX_Connector_ID_Agent_6.7.0.2.2 on ThinOS 2405 Liquidware_Stratusphere_UX_Connector_ID_Agent_6.7.0.3.4 on ThinOS 2408 09/05/2024 ThinOS 2408 (9.5.3102) Liquidware Stratusphere UX Connector ID Agent v6.7.0.3.4 | Driver Details
CVE-2023-52355, CVE-2024-25062 ThinOS Cisco Jabber Cisco_Jabber_14.3.0.308378.11 on Thin OS 2405 Cisco_Jabber_14.3.1.308744.9 on ThinOS 2408 09/05/2024 ThinOS 2408 (9.5.3102) Cisco Jabber package v14.3.1.308744.9 | Driver Details
CVE-2023-51714, CVE-2022-41409, CVE-2021-38593, CVE-2021-45930, CVE-2022-25255, CVE-2022-25634, CVE-2023-24607, CVE-2023-32573, CVE-2023-33285, CVE-2023-32762, CVE-2023-32763, CVE-2023-34410, CVE-2023-38197, CVE-2023-37369, CVE-2023-43114, CVE-2023-7104, CVE-2021-37600, CVE-2022-0563, CVE-2021-3995, CVE-2021-3996, CVE-2022-37434, CVE-2023-45853 ThinOS Cisco Webex App VDI Cisco_Webex_App_VDI_44.2.0.28744.1 on ThinOS 2405 Cisco_Webex_App_VDI_44.6.0.30048.2 on ThinOS 2408 09/05/2024 ThinOS 2408 (9.5.3102) Cisco Webex VDI package v44.6.0.30048.2 | Driver Details
CVE-2023-43114, CVE-2023-51714 ThinOS Zoom Universal Zoom_Universal_5.17.10.24730.2 on ThinOS 2405 Zoom_Universal_6.0.11.25150.1 on ThinOS 2408 09/05/2024 ThinOS 2408 (9.5.3102) Zoom Universal package v6.0.11.25150.1 | Driver Details
CVE IDs Product Software/
Firmware		 Affected Versions Remediated Versions Release Date (MM/DD/YYYY) Link
CVE-2023-52425, CVE-2023-52426 ThinOS Liquidware
 
 		 Liquidware_Stratusphere_UX_Connector_ID_Agent_6.7.0.2.2 on ThinOS 2405 Liquidware_Stratusphere_UX_Connector_ID_Agent_6.7.0.3.4 on ThinOS 2408 09/05/2024 ThinOS 2408 (9.5.3102) Liquidware Stratusphere UX Connector ID Agent v6.7.0.3.4 | Driver Details
CVE-2023-52355, CVE-2024-25062 ThinOS Cisco Jabber Cisco_Jabber_14.3.0.308378.11 on Thin OS 2405 Cisco_Jabber_14.3.1.308744.9 on ThinOS 2408 09/05/2024 ThinOS 2408 (9.5.3102) Cisco Jabber package v14.3.1.308744.9 | Driver Details
CVE-2023-51714, CVE-2022-41409, CVE-2021-38593, CVE-2021-45930, CVE-2022-25255, CVE-2022-25634, CVE-2023-24607, CVE-2023-32573, CVE-2023-33285, CVE-2023-32762, CVE-2023-32763, CVE-2023-34410, CVE-2023-38197, CVE-2023-37369, CVE-2023-43114, CVE-2023-7104, CVE-2021-37600, CVE-2022-0563, CVE-2021-3995, CVE-2021-3996, CVE-2022-37434, CVE-2023-45853 ThinOS Cisco Webex App VDI Cisco_Webex_App_VDI_44.2.0.28744.1 on ThinOS 2405 Cisco_Webex_App_VDI_44.6.0.30048.2 on ThinOS 2408 09/05/2024 ThinOS 2408 (9.5.3102) Cisco Webex VDI package v44.6.0.30048.2 | Driver Details
CVE-2023-43114, CVE-2023-51714 ThinOS Zoom Universal Zoom_Universal_5.17.10.24730.2 on ThinOS 2405 Zoom_Universal_6.0.11.25150.1 on ThinOS 2408 09/05/2024 ThinOS 2408 (9.5.3102) Zoom Universal package v6.0.11.25150.1 | Driver Details

Workarounds & Mitigations

None

Revision History

RevisionDateDescription
1.02024-09-09Initial Release
2.02024-09-18Updated Third-party Component section: added CVE-2023-43114, CVE-2023-51714
Updated Affected Products and Remediation section: Added Cisco Webex App VDI and Zoom Universal
3.02024-10-01Updated CVE Identifier, Details, and Affected Products and Remediation section: Updated CVE list for Cisco Webex App VDI

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Dell ThinOS
Article Properties
Article Number: 000228411
Article Type: Dell Security Advisory
Last Modified: 01 Oct 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.