DSA-2024-435: Security Update for Dell PowerProtect Cyber Recovery Multiple Third-Party Vulnerabilities
Summary: Dell PowerProtect Cyber Recovery remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
Critical
Details
| Third-party Component | CVEs | More Information |
|---|---|---|
| BIND 9 | CVE-2024-1737, CVE-2024-1975, CVE-2024-4076 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov |
| Curl | CVE-2024-7264, CVE-2024-8096 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov |
| Docker Engine | CVE-2024-41110 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov |
| emicklei/go-restful | CVE-2022-1996 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov |
| OpenTelemetry-Go Contrib | CVE-2023-45142, CVE-2023-47108 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov |
| libgit2 | CVE-2024-24577 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov |
| Linux kernel | CVE-2020-36788, CVE-2021-4439, CVE-2021-4441, CVE-2021-47358, CVE-2021-47359, CVE-2021-47360, CVE-2021-47361, CVE-2021-47362, CVE-2021-47363, CVE-2021-47364, CVE-2021-47365, CVE-2021-47366, CVE-2021-47367, CVE-2021-47368, CVE-2021-47369, CVE-2021-47370, CVE-2021-47371, CVE-2021-47372, CVE-2021-47373, CVE-2021-47374, CVE-2021-47375, CVE-2021-47376, CVE-2021-47378, CVE-2021-47379, CVE-2021-47380, CVE-2021-47381, CVE-2021-47382, CVE-2021-47383, CVE-2021-47384, CVE-2021-47385, CVE-2021-47386, CVE-2021-47387, CVE-2021-47388, CVE-2021-47389, CVE-2021-47390, CVE-2021-47391, CVE-2021-47392, CVE-2021-47393, CVE-2021-47394, CVE-2021-47395, CVE-2021-47396, CVE-2021-47397, CVE-2021-47398, CVE-2021-47399, CVE-2021-47400, CVE-2021-47401, CVE-2021-47402, CVE-2021-47403, CVE-2021-47404, CVE-2021-47405, CVE-2021-47406, CVE-2021-47407, CVE-2021-47408, CVE-2021-47409, CVE-2021-47410, CVE-2021-47412, CVE-2021-47413, CVE-2021-47414, CVE-2021-47415, CVE-2021-47416, CVE-2021-47417, CVE-2021-47418, CVE-2021-47419, CVE-2021-47420, CVE-2021-47421, CVE-2021-47422, CVE-2021-47423, CVE-2021-47424, CVE-2021-47425, CVE-2021-47426, CVE-2021-47427, CVE-2021-47428, CVE-2021-47429, CVE-2021-47430, CVE-2021-47431, CVE-2021-47433, CVE-2021-47434, CVE-2021-47435, CVE-2021-47436, CVE-2021-47437, CVE-2021-47438, CVE-2021-47439, CVE-2021-47440, CVE-2021-47441, CVE-2021-47442, CVE-2021-47443, CVE-2021-47444, CVE-2021-47445, CVE-2021-47446, CVE-2021-47447, CVE-2021-47448, CVE-2021-47449, CVE-2021-47450, CVE-2021-47451, CVE-2021-47452, CVE-2021-47453, CVE-2021-47454, CVE-2021-47455, CVE-2021-47456, CVE-2021-47457, CVE-2021-47458, CVE-2021-47459, CVE-2021-47460, CVE-2021-47461, CVE-2021-47462, CVE-2021-47463, CVE-2021-47464, CVE-2021-47466, CVE-2021-47467, CVE-2021-47468, CVE-2021-47469, CVE-2021-47470, CVE-2021-47471, CVE-2021-47472, CVE-2021-47473, CVE-2021-47474, CVE-2021-47475, CVE-2021-47476, CVE-2021-47477, CVE-2021-47478, CVE-2021-47479, CVE-2021-47480, CVE-2021-47481, CVE-2021-47482, 
CVE-2021-47483, CVE-2021-47484, CVE-2021-47485, CVE-2021-47486, CVE-2021-47488, CVE-2021-47490, CVE-2021-47492, CVE-2021-47493, CVE-2021-47494, CVE-2021-47495, CVE-2021-47496, CVE-2021-47497, CVE-2021-47498, CVE-2021-47499, CVE-2021-47500, CVE-2021-47501, CVE-2021-47502, CVE-2021-47503, CVE-2021-47506, CVE-2021-47507, CVE-2021-47509, CVE-2021-47510, CVE-2021-47511, CVE-2021-47513, CVE-2021-47514, CVE-2021-47516, CVE-2021-47518, CVE-2021-47520, CVE-2021-47521, CVE-2021-47522, CVE-2021-47523, CVE-2021-47524, CVE-2021-47525, CVE-2021-47526, CVE-2021-47527, CVE-2021-47528, CVE-2021-47529, CVE-2021-47533, CVE-2021-47534, CVE-2021-47535, CVE-2021-47536, CVE-2021-47537, CVE-2021-47540, CVE-2021-47541, CVE-2021-47542, CVE-2021-47544, CVE-2021-47549, CVE-2021-47550, CVE-2021-47551, CVE-2021-47553, CVE-2021-47554, CVE-2021-47555, CVE-2021-47556, CVE-2021-47558, CVE-2021-47559, CVE-2021-47560, CVE-2021-47562, CVE-2021-47563, CVE-2021-47564, CVE-2021-47565, CVE-2021-47571, CVE-2021-47576, CVE-2021-47578, CVE-2021-47580, CVE-2021-47582, CVE-2021-47583, CVE-2021-47584, CVE-2021-47585, CVE-2021-47586, CVE-2021-47587, CVE-2021-47589, CVE-2021-47592, CVE-2021-47596, CVE-2021-47597, CVE-2021-47598, CVE-2021-47600, CVE-2021-47601, CVE-2021-47602, CVE-2021-47603, CVE-2021-47607, CVE-2021-47609, CVE-2021-47611, CVE-2021-47612, CVE-2021-47614, CVE-2021-47615, CVE-2021-47616, CVE-2021-47617, CVE-2021-47618, CVE-2021-47619, CVE-2021-47620, CVE-2021-47622, CVE-2021-47624, CVE-2022-48632, CVE-2022-48634, CVE-2022-48636, CVE-2022-48652, CVE-2022-48671, CVE-2022-48672, CVE-2022-48673, CVE-2022-48675, CVE-2022-48686, CVE-2022-48688, CVE-2022-48692, CVE-2022-48693, CVE-2022-48694, CVE-2022-48695, CVE-2022-48697, CVE-2022-48699, CVE-2022-48700, CVE-2022-48701, CVE-2022-48702, CVE-2022-48703, CVE-2022-48704, CVE-2022-48708, CVE-2022-48709, CVE-2022-48710, CVE-2022-48712, CVE-2022-48713, CVE-2022-48715, CVE-2022-48717, CVE-2022-48720, CVE-2022-48721, CVE-2022-48722, CVE-2022-48723, CVE-2022-48724, 
CVE-2022-48725, CVE-2022-48726, CVE-2022-48727, CVE-2022-48728, CVE-2022-48729, CVE-2022-48730, CVE-2022-48732, CVE-2022-48734, CVE-2022-48735, CVE-2022-48736, CVE-2022-48737, CVE-2022-48738, CVE-2022-48739, CVE-2022-48740, CVE-2022-48743, CVE-2022-48744, CVE-2022-48745, CVE-2022-48746, CVE-2022-48747, CVE-2022-48749, CVE-2022-48751, CVE-2022-48752, CVE-2022-48754, CVE-2022-48756, CVE-2022-48758, CVE-2022-48759, CVE-2022-48760, CVE-2022-48761, CVE-2022-48763, CVE-2022-48765, CVE-2022-48767, CVE-2022-48768, CVE-2022-48769, CVE-2022-48773, CVE-2022-48774, CVE-2022-48775, CVE-2022-48776, CVE-2022-48777, CVE-2022-48778, CVE-2022-48780, CVE-2022-48783, CVE-2022-48784, CVE-2022-48786, CVE-2022-48787, CVE-2022-48788, CVE-2022-48789, CVE-2022-48790, CVE-2022-48791, CVE-2022-48792, CVE-2022-48793, CVE-2022-48794, CVE-2022-48796, CVE-2022-48797, CVE-2022-48798, CVE-2022-48799, CVE-2022-48800, CVE-2022-48801, CVE-2022-48803, CVE-2022-48804, CVE-2022-48805, CVE-2022-48806, CVE-2022-48807, CVE-2022-48811, CVE-2022-48812, CVE-2022-48813, CVE-2022-48814, CVE-2022-48815, CVE-2022-48816, CVE-2022-48817, CVE-2022-48818, CVE-2022-48820, CVE-2022-48821, CVE-2022-48822, CVE-2022-48823, CVE-2022-48824, CVE-2022-48825, CVE-2022-48826, CVE-2022-48827, CVE-2022-48828, CVE-2022-48829, CVE-2022-48830, CVE-2022-48831, CVE-2022-48834, CVE-2022-48835, CVE-2022-48836, CVE-2022-48837, CVE-2022-48838, CVE-2022-48840, CVE-2022-48841, CVE-2022-48842, CVE-2022-48843, CVE-2022-48849, CVE-2022-48851, CVE-2022-48856, CVE-2022-48857, CVE-2022-48858, CVE-2022-48859, CVE-2022-48860, CVE-2022-48861, CVE-2022-48862, CVE-2022-48863, CVE-2022-48866, CVE-2022-48868, CVE-2022-48870, CVE-2022-48871, CVE-2022-48872, CVE-2022-48873, CVE-2022-48875, CVE-2022-48878, CVE-2022-48880, CVE-2022-48890, CVE-2022-48891, CVE-2022-48896, CVE-2022-48898, CVE-2022-48899, CVE-2022-48903, CVE-2022-48904, CVE-2022-48905, CVE-2022-48907, CVE-2022-48909, CVE-2022-48912, CVE-2022-48913, CVE-2022-48914, CVE-2022-48915, CVE-2022-48916, 
CVE-2022-48917, CVE-2022-48918, CVE-2022-48919, CVE-2022-48921, CVE-2022-48924, CVE-2022-48925, CVE-2022-48926, CVE-2022-48927, CVE-2022-48928, CVE-2022-48930, CVE-2022-48931, CVE-2022-48932, CVE-2022-48934, CVE-2022-48935, CVE-2022-48937, CVE-2022-48938, CVE-2022-48941, CVE-2022-48942, CVE-2022-48943, CVE-2023-24023, CVE-2023-52489, CVE-2023-52655, CVE-2023-52670, CVE-2023-52676, CVE-2023-52686, CVE-2023-52690, CVE-2023-52702, CVE-2023-52703, CVE-2023-52707, CVE-2023-52708, CVE-2023-52730, CVE-2023-52733, CVE-2023-52736, CVE-2023-52738, CVE-2023-52739, CVE-2023-52740, CVE-2023-52741, CVE-2023-52742, CVE-2023-52743, CVE-2023-52744, CVE-2023-52745, CVE-2023-52747, CVE-2023-52752, CVE-2023-52753, CVE-2023-52754, CVE-2023-52756, CVE-2023-52759, CVE-2023-52762, CVE-2023-52763, CVE-2023-52764, CVE-2023-52766, CVE-2023-52774, CVE-2023-52781, CVE-2023-52788, CVE-2023-52789, CVE-2023-52791, CVE-2023-52798, CVE-2023-52799, CVE-2023-52800, CVE-2023-52804, CVE-2023-52805, CVE-2023-52806, CVE-2023-52810, CVE-2023-52811, CVE-2023-52814, CVE-2023-52816, CVE-2023-52817, CVE-2023-52818, CVE-2023-52819, CVE-2023-52821, CVE-2023-52825, CVE-2023-52826, CVE-2023-52832, CVE-2023-52833, CVE-2023-52834, CVE-2023-52837, CVE-2023-52838, CVE-2023-52840, CVE-2023-52841, CVE-2023-52844, CVE-2023-52846, CVE-2023-52847, CVE-2023-52853, CVE-2023-52854, CVE-2023-52855, CVE-2023-52856, CVE-2023-52858, CVE-2023-52864, CVE-2023-52865, CVE-2023-52867, CVE-2023-52868, CVE-2023-52870, CVE-2023-52871, CVE-2023-52872, CVE-2023-52873, CVE-2023-52875, CVE-2023-52876, CVE-2023-52877, CVE-2023-52878, CVE-2023-52880, CVE-2023-52881, CVE-2023-52885, CVE-2023-52893, CVE-2023-52894, CVE-2023-52896, CVE-2023-52898, CVE-2023-52900, CVE-2023-52901, CVE-2023-52905, CVE-2023-52907, CVE-2023-52911, CVE-2024-0639, CVE-2024-26583, CVE-2024-26584, CVE-2024-26739, CVE-2024-26745, CVE-2024-26800, CVE-2024-26813, CVE-2024-26814, CVE-2024-26828, CVE-2024-26840, CVE-2024-26852, CVE-2024-26862, CVE-2024-26921, CVE-2024-26923, 
CVE-2024-26925, CVE-2024-26928, CVE-2024-26929, CVE-2024-26930, CVE-2024-26976, CVE-2024-27398, CVE-2024-27413, CVE-2024-35789, CVE-2024-35817, CVE-2024-35861, CVE-2024-35862, CVE-2024-35863, CVE-2024-35864, CVE-2024-35867, CVE-2024-35868, CVE-2024-35869, CVE-2024-35901, CVE-2024-35904, CVE-2024-35905, CVE-2024-35950, CVE-2024-36894, CVE-2024-36899, CVE-2024-36904, CVE-2024-36926, CVE-2024-36940, CVE-2024-36964, CVE-2024-36971, CVE-2024-36974, CVE-2024-38541, CVE-2024-38545, CVE-2024-38555, CVE-2024-38559, CVE-2024-38560, CVE-2024-38564, CVE-2024-38578, CVE-2024-39463, CVE-2024-39494, CVE-2024-40902, CVE-2024-40910, CVE-2024-40937, CVE-2024-40954, CVE-2024-40956, CVE-2024-40989, CVE-2024-40994, CVE-2024-41009, CVE-2024-41011, CVE-2024-41012, CVE-2024-41059, CVE-2024-41062, CVE-2024-41069, CVE-2024-41087, CVE-2024-41090, CVE-2024-42077, CVE-2024-42093, CVE-2024-42126, CVE-2024-42145, CVE-2024-42230, CVE-2024-42232, CVE-2024-42271, CVE-2024-43853, CVE-2024-43861, CVE-2024-43882, CVE-2024-43883, CVE-2024-44938, CVE-2024-44947, CVE-2024-45003 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov |
| Model Specific Register (MSR) | CVE-2023-31315 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov |
| MIT Kerberos 5 (krb5) | CVE-2024-37371, CVE-2024-37370 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov |
| ncurses6 | CVE-2023-45918 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov |
| OpenSSL | CVE-2024-4741, CVE-2024-5535, CVE-2024-0727, CVE-2023-6129, CVE-2023-5678 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov |
| Python module | CVE-2024-4030, CVE-2024-8088, CVE-2024-0397, CVE-2024-4032, CVE-2024-6232, CVE-2024-6923, CVE-2024-7592, CVE-2024-5642 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov |
| DNS protocol | CVE-2023-50387 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov |
| shadow package | CVE-2013-4235 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov |
| package_index module of pypa/setuptools | CVE-2024-6345 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov |
| runc | CVE-2024-45310 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov |
| Xen hypervisor | CVE-2023-46841, CVE-2023-46842, CVE-2024-2193, CVE-2024-2201, CVE-2024-31142, CVE-2024-31143, CVE-2024-31145, CVE-2024-31146, CVE-2024-45817 | See NVD link below for individual scores for each CVE. https://nvd.nist.gov |

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-49594 | Dell PowerProtect Cyber Recovery, version(s) prior to 19.17.0.2, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution. | 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-45768 | Dell PowerProtect Cyber Recovery, versions prior to 19.17.0.2, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Affected Products & Remediation
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| PowerProtect Cyber Recovery | Versions prior to 19.17.0.2 | 19.18.0.1 or later | Click Here to Apply Latest Cyber Recovery Software and OS Update Package |
Note:
- This remediation includes an update from cyber-recovery-osupdate-15.4.0-1.bin to cyber-recovery-osupdate-15.4.0-3.bin and Cyber Recovery app-level components.
- All vulnerabilities applicable to SLES15 SP4 are listed here out of an abundance of caution. For more information, see the Dell PowerProtect Cyber Recovery Version 19.18 OS Updates Release Notes.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-11-12 | Initial Release |
Affected Products
PowerProtect Cyber Recovery
Article Properties
Article Number: 000247709
Article Type: Dell Security Advisory
Last Modified: 13 Nov 2024