Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

DSA-2024-408: Dell PowerStore Family Security Update for Multiple Vulnerabilities

Summary: Dell PowerStore Family remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

This article applies to   This article does not apply to 

Impact

High

Details

Third-party Component CVEs More Information
cpio CVE-2023-7207 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
docker CVE-2024-23651, CVE-2024-23653, CVE-2024-23652 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
gnutls CVE-2024-0553,  CVE-2023-5981 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
kernel CVE-2021-46955, CVE-2021-47041, CVE-2021-47074, CVE-2021-47113, CVE-2021-47131, CVE-2021-47184, CVE-2021-47185, CVE-2021-47194, CVE-2021-47198, CVE-2021-47201, CVE-2021-47203, CVE-2021-47206, CVE-2021-47207, CVE-2021-47212, CVE-2022-48631, CVE-2022-48651, CVE-2022-48654, CVE-2022-48687, CVE-2023-2860, CVE-2023-6270, CVE-2024-0639, CVE-2024-0841, CVE-2024-22099, CVE-2024-23307, CVE-2024-26688, CVE-2024-26689, CVE-2024-26733, CVE-2024-26739, CVE-2024-26744, CVE-2024-26816, CVE-2024-26840, CVE-2024-26852, CVE-2024-26862, CVE-2024-26898, CVE-2024-26903, CVE-2024-26906, CVE-2024-27043 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
krb5 CVE-2024-26458, CVE-2024-26461 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
less  CVE-2024-32487 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libssh CVE-2020-1730, CVE-2023-6918, CVE-2023-1667, CVE-2023-48795, CVE-2023-6004, CVE-2020-16135, CVE-2019-14889, CVE-2023-2283, CVE-2021-3634 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libxml2 CVE-2024-25062 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
nghttp2 CVE-2024-28182 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
module-tools CVE-2023-1829, CVE-2023-23559 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
mozilla-nss CVE-2023-5388 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
OpenJDK CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
OpenSSH CVE-2023-51385 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2024-2511 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
pam  CVE-2024-22365 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
perl        CVE-2018-6913, CVE-2017-6512, CVE-2018-6798, CVE-2023-31484 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
postgresql CVE-2024-0985 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
python  CVE-2023-52425, CVE-2024-0450 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
runc CVE-2024-21626 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
sudo CVE-2023-42465 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
util-linux CVE-2024-28085 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
vim CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667, CVE-2023-4750 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
xen-libs CVE-2023-46839 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-42429 Dell PowerStore contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access and modification of application data" 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-30476 PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could lead to script execution in the client browser. 5.4
 
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-42429 Dell PowerStore contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access and modification of application data" 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2024-30476 PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could lead to script execution in the client browser. 5.4
 
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Software/Firmware Affected Versions Remediated Versions Link
PowerStore 500T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/en-us/product-support/product/powerstore-500t/drivers
PowerStore 1000T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/product-support/product/powerstore-1000t/drivers
PowerStore 1200T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/product-support/product/powerstore-1200t/drivers
PowerStore 3000T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/product-support/product/powerstore-3000t/drivers
PowerStore 3200T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/product-support/product/powerstore-3200t/drivers
PowerStore 5000T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/product-support/product/powerstore-5000t/drivers
PowerStore 5200T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/product-support/product/powerstore-5200t/drivers
PowerStore 7000T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/product-support/product/powerstore-7000t/drivers
PowerStore 9000T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/product-support/product/powerstore-9000t/drivers
PowerStore 9200T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/product-support/product/powerstore-9200t/drivers
Product Software/Firmware Affected Versions Remediated Versions Link
PowerStore 500T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/en-us/product-support/product/powerstore-500t/drivers
PowerStore 1000T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/product-support/product/powerstore-1000t/drivers
PowerStore 1200T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/product-support/product/powerstore-1200t/drivers
PowerStore 3000T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/product-support/product/powerstore-3000t/drivers
PowerStore 3200T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/product-support/product/powerstore-3200t/drivers
PowerStore 5000T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/product-support/product/powerstore-5000t/drivers
PowerStore 5200T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/product-support/product/powerstore-5200t/drivers
PowerStore 7000T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/product-support/product/powerstore-7000t/drivers
PowerStore 9000T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/product-support/product/powerstore-9000t/drivers
PowerStore 9200T PowerStoreT OS Versions prior to 3.6.1.3-2369400 Version 3.6.1.3-2369400 and later https://www.dell.com/support/home/product-support/product/powerstore-9200t/drivers

Workarounds & Mitigations

None

Revision History

RevisionDateDescription
1.02024-09-26Initial Release
2.02024-09-27Formatting change

Related Information

Affected Products

PowerStore, PowerStore 1000T, PowerStore 1200T, PowerStore 3000T, PowerStore 3200T, PowerStore 5000T, PowerStore 500T, PowerStore 7000T, PowerStore 9000T, PowerStore 9200T, PowerStoreOS
Article Properties
Article Number: 000229094
Article Type: Dell Security Advisory
Last Modified: 09 Oct 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.