DSA-2024-497: Dell PowerStore T Security Update for Multiple Vulnerabilities

Summary: Dell PowerStore Family remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

High

Details

Third-party Component CVEs More Information
bind CVE-2024-1975, CVE-2024-1737

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
bouncycastle CVE-2024-30172, CVE-2024-30171, CVE-2024-29857, CVE-2023-33202

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
cni CVE-2024-1753

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
commons-compress CVE-2024-26308, CVE-2024-25710

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
containerd CVE-2023-45288

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
giflib CVE-2023-48161, CVE-2022-28506, CVE-2021-40633

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
glibc CVE-2024-33601, CVE-2024-33602, CVE-2024-2961, CVE-2024-33600, CVE-2024-33599

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
hsqldb CVE-2022-4185

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
idna CVE-2024-3651

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
kernel CVE-2024-40937, CVE-2021-0129, CVE-2020-26558, CVE-2022-48821, CVE-2024-41011, CVE-2021-47598, CVE-2021-47580, CVE-2021-47219, CVE-2023-52686, CVE-2024-38559, CVE-2024-39494, CVE-2024-41069, CVE-2024-42145, CVE-2024-41059, CVE-2023-52885, CVE-2022-48792, CVE-2024-41090, CVE-2021-47291, CVE-2021-47126, CVE-2021-47506, CVE-2021-47520, CVE-2024-26583, CVE-2024-26584, CVE-2024-26585, CVE-2021-47600, CVE-2024-36974

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
krb5 CVE-2024-37371, CVE-2024-37370

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libgpg-erro0 CVE-2024-28180

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libuv1 CVE-2023-50387, CVE-2023-50868, CVE-2023-6516, CVE-2023-4408, CVE-2023-5517

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
lxml CVE-2022-2309

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
module-tools CVE-2023-23559

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
OpenJDK CVE-2024-21131, CVE-2024-21140, CVE-2024-21144, CVE-2024-21147, CVE-2024-21138, CVE-2024-21145

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2024-5535

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
pip CVE-2021-3572, CVE-2023-5752

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
podman CVE-2024-3727

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Python-pycryptodome CVE-2023-52323

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Python-requests CVE-2023-32681

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Python-setuptools CVE-2024-6345

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
xen CVE-2024-31146, CVE-2024-31145

See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String 
CVE-2024-51532 Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files. 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String 
CVE-2024-51532 Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files. 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Software/Firmware Affected Versions Remediated Versions Link
PowerStore 500T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-500t/drivers
PowerStore 1000T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-1000t/drivers
PowerStore 1200T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-1200t/drivers
PowerStore 3000T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-3000t/drivers
PowerStore 3200T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-3200t/drivers
PowerStore 5000T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-5000t/drivers
PowerStore 5200T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-5200t/drivers
PowerStore 7000T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-7000t/drivers
PowerStore 9000T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-9000t/drivers
PowerStore 9200T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-9200t/drivers
Product Software/Firmware Affected Versions Remediated Versions Link
PowerStore 500T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-500t/drivers
PowerStore 1000T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-1000t/drivers
PowerStore 1200T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-1200t/drivers
PowerStore 3000T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-3000t/drivers
PowerStore 3200T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-3200t/drivers
PowerStore 5000T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-5000t/drivers
PowerStore 5200T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-5200t/drivers
PowerStore 7000T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-7000t/drivers
PowerStore 9000T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-9000t/drivers
PowerStore 9200T PowerStoreT OS Versions prior to 3.6.1.4-2413340 Version 3.6.1.4-2413340 or later https://www.dell.com/support/home/product-support/product/powerstore-9200t/drivers

Revision History

RevisionDateDescription
1.02024-12-19Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

PowerStore 3200T, PowerStore 500T, PowerStore 5200T, PowerStore 9200T
Article Properties
Article Number: 000261519
Article Type: Dell Security Advisory
Last Modified: 19 Dec 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.