DSA-2024-463: Dell ThinOS Security Update for Multiple Third-Party Vulnerabilities

Summary: Dell ThinOS remediation is available for multiple third-party vulnerabilities that could be exploited by malicious users to compromise the affected system.


Impact

Critical

Details

Third-party Component: Cisco Jabber
CVEs: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-35252, CVE-2022-42916, CVE-2022-42915, CVE-2022-32221, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2024-7264, CVE-2023-46219, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-4807, CVE-2023-5678, CVE-2024-0727, CVE-2021-38593, CVE-2021-45930, CVE-2022-25255, CVE-2022-25634, CVE-2021-3481, CVE-2023-24607, CVE-2023-32573, CVE-2023-33285, CVE-2023-32762, CVE-2023-32763, CVE-2023-34410, CVE-2023-38197, CVE-2021-28025, CVE-2023-37369, CVE-2023-43114, CVE-2023-51714, CVE-2024-39936, CVE-2023-52355, CVE-2024-25062
More Information: See NVD Link below for individual scores for each CVE. http://nvd.nist.gov/

Third-party Component: Cisco Webex Meetings VDI
CVEs: CVE-2024-7264
More Information: See NVD Link below for individual scores for each CVE. http://nvd.nist.gov/

Third-party Component: Cisco Webex App VDI
CVEs: CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-4807, CVE-2023-5678, CVE-2024-0727
More Information: See NVD Link below for individual scores for each CVE. http://nvd.nist.gov/

Third-party Component: Citrix Workspace App
CVEs: CVE-2020-10029, CVE-2020-6096, CVE-2020-1752, CVE-2020-29562, CVE-2019-25013, CVE-2021-3326, CVE-2021-27645, CVE-2020-27618, CVE-2021-35942, CVE-2021-38604, CVE-2022-23218, CVE-2022-23219, CVE-2023-0687, CVE-2023-4813, CVE-2023-4527, CVE-2001-0034, CVE-2017-11103, CVE-2017-6594, CVE-2017-17439, CVE-2019-12098, CVE-2018-16860, CVE-2022-41916, CVE-2022-44640, CVE-2022-42898, CVE-2021-44758, CVE-2022-3116, CVE-2014-6272, CVE-2013-0340, CVE-2021-29338, CVE-2022-1122, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-7104, CVE-2022-37434
More Information: See NVD Link below for individual scores for each CVE. http://nvd.nist.gov/

Proprietary Code CVEs: CVE-2024-53290
Description: Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Command execution.
CVSS Base Score: 8.4
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Proprietary Code CVEs: CVE-2024-53289
Description: Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
CVSS Base Score: 7.8
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H


Dell Technologies recommends that all customers consider both the base score and any relevant temporal and environmental scores that may affect the potential severity associated with the particular security vulnerability.

Affected Products and Remediation

CVEs Addressed: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-35252, CVE-2022-42916, CVE-2022-42915, CVE-2022-32221, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2024-7264, CVE-2023-46219, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-4807, CVE-2023-5678, CVE-2024-0727, CVE-2021-38593, CVE-2021-45930, CVE-2022-25255, CVE-2022-25634, CVE-2021-3481, CVE-2023-24607, CVE-2023-32573, CVE-2023-33285, CVE-2023-32762, CVE-2023-32763, CVE-2023-34410, CVE-2023-38197, CVE-2021-28025, CVE-2023-37369, CVE-2023-43114, CVE-2023-51714, CVE-2024-39936, CVE-2023-52355, CVE-2024-25062
Product: ThinOS 2411
Software/Firmware: Cisco Jabber
Affected Versions: Add-on Cisco_Jabber_14.3.1.308744.9 on ThinOS 2408
Remediated Versions: Add-on Cisco_Jabber_15.0.0.309289.6 on ThinOS 2411
Release Date: 11/28/2024
Link: ThinOS 2411 (9.5.4070) Cisco Jabber package v15.0.0.309289.6 | Driver Details

CVEs Addressed: CVE-2024-7264
Product: ThinOS 2411
Software/Firmware: Cisco Webex Meetings VDI
Affected Versions: Add-on Cisco_Webex_Meetings_VDI_44.6.2.3.4 on ThinOS 2408
Remediated Versions: Add-on Cisco_Webex_Meetings_VDI_44.10.1.3.4 on ThinOS 2411
Release Date: 11/28/2024
Link: ThinOS 2411 (9.5.4070) Cisco Webex Meetings VDI package v44.10.1.3.4 | Driver Details

CVEs Addressed: CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-3817, CVE-2023-4807, CVE-2023-5678, CVE-2024-0727
Product: ThinOS 2411
Software/Firmware: Cisco Webex App VDI
Affected Versions: Add-on Cisco_Webex_App_VDI_44.6.0.30048.2 on ThinOS 2408
Remediated Versions: Add-on Cisco_Webex_App_VDI_44.10.0.30906.5 on ThinOS 2411
Release Date: 11/28/2024
Link: ThinOS 2411 (9.5.4070) Cisco Webex App VDI package v44.10.0.30906.5 | Driver Details

CVEs Addressed: CVE-2020-10029, CVE-2020-6096, CVE-2020-1752, CVE-2020-29562, CVE-2019-25013, CVE-2021-3326, CVE-2021-27645, CVE-2020-27618, CVE-2021-35942, CVE-2021-38604, CVE-2022-23218, CVE-2022-23219, CVE-2023-0687, CVE-2023-4813, CVE-2023-4527, CVE-2001-0034, CVE-2017-11103, CVE-2017-6594, CVE-2017-17439, CVE-2019-12098, CVE-2018-16860, CVE-2022-41916, CVE-2022-44640, CVE-2022-42898, CVE-2021-44758, CVE-2022-3116, CVE-2014-6272, CVE-2013-0340, CVE-2021-29338, CVE-2022-1122, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-7104, CVE-2022-37434
Product: ThinOS 2411
Software/Firmware: Citrix Workspace App
Affected Versions: Add-on Citrix_Workspace_App_24.2.0.65.17 on ThinOS 2408
Remediated Versions: Add-on Citrix_Workspace_App_24.8.0.98.67 on ThinOS 2411
Release Date: 11/28/2024
Link: ThinOS 2411 (9.5.4070) Citrix package v24.8.0.98.67 | Driver Details

CVEs Addressed: CVE-2024-53290, CVE-2024-53289
Product: ThinOS 2411
Software/Firmware: Operating System
Affected Versions: ThinOS 2408
Remediated Versions: ThinOS 2411
Release Date: 11/28/2024
Link: ThinOS 9.1.3129 or later to ThinOS 2411 (9.5.4070) Upgrade Image file | Driver Details


Workarounds and Mitigations

None

Revision History

Revision: 1.0
Date: 2024-12-02
Description: Initial Release

Revision: 2.0
Date: 2024-12-03
Description: Updated for enhanced presentation with no change in content.

Revision: 3.0
Date: 2024-12-04
Description: Updated Third-party component table section for Cisco Jabber: Updated CVEs: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-32206, CVE-2022-32207. Updated Affected Products and Remediation table: Updated CVEs: CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-32206, CVE-2022-32207

Revision: 4.0
Date: 2024-12-10
Description: Added Proprietary Code component table section and Updated Affected Products and Remediation table: Added CVEs: CVE-2024-53290, CVE-2024-53289

Related Information

Affected Products

Dell ThinOS
Article Properties
Article Number: 000248475
Article Type: Dell Security Advisory
Last Modified: 10 Dec 2024