DSA-2024-413: Security Update for a Dell PowerFlex Manager Cleartext Storage of Sensitive Information Vulnerability

Summary: Dell PowerFlex Manager remediation is available for a vulnerability that could be exploited by malicious users to compromise the affected system.


Impact

Critical

Details

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-47244 | Dell PowerFlex Manager versions prior to 3.8.8 for RCM train 3.6.x, and versions prior to 4.6.0.1 for RCM trains 3.7.x and 3.8.x, contain a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information exposure and Elevation of privileges. This vulnerability is considered critical as it could allow an attacker to take administrative actions within Cloudlink and affect the encrypted storage devices stored in Cloudlink. Dell recommends that customers upgrade at the earliest opportunity. Installations not leveraging CloudLink are not affected by CVE-2024-47244. | 9.0 | |


Dell Technologies recommends that all customers take into account both the CVSS base score and any relevant temporal or environmental scores that may affect the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| PowerFlex rack | PowerFlex Manager | Versions prior to 3.8.8 | Version 3.8.8 | Code & Compatibility Knowledge Hub |
| PowerFlex rack | PowerFlex Manager | Versions prior to 4.6.0.1 | Version 4.6.0.1 | Code & Compatibility Knowledge Hub |
| PowerFlex appliance | PowerFlex Manager | Versions prior to 3.8.8 | Version 3.8.8 | Code & Compatibility Knowledge Hub |
| PowerFlex appliance | PowerFlex Manager | Versions prior to 4.6.0.1 | Version 4.6.0.1 | Code & Compatibility Knowledge Hub |


For complete remediation, customers who upgrade to PowerFlex Manager versions 3.8.8 or 4.6.0.1 should also perform the steps outlined in the below links:

Configurations not leveraging CloudLink are not affected by CVE-2024-47244.

In the case of manual upgrade for PowerFlex rack, please see this link:
https://www.dell.com/support/home/en-us/product-support/product/powerflex-rack-rcm-sw/drivers

Workarounds and Mitigations

| CVE ID | Workaround and Mitigation |
|---|---|
| CVE-2024-47244 | For customers who are unable to upgrade PowerFlex Manager, follow the mitigation guidance in the below links: |

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-10-07 | Initial Release |
| 2.0 | 2024-10-28 | Minor update to the CVE description. |
| 3.0 | 2025-05-07 | Updated for enhanced presentation with no changes to content. |

Related Information

Affected Products

PowerFlex appliance R650, PowerFlex appliance R6525, PowerFlex appliance R660, PowerFlex appliance R6625, PowerFlex appliance R640

Products

PowerFlex Appliance, PowerFlex appliance R750, PowerFlex appliance R760, PowerFlex appliance R7625, PowerFlex rack HW, PowerFlex rack RCM Software, PowerFlex Software, PowerFlex appliance R740XD, PowerFlex appliance R7525, PowerFlex appliance R840

Article Properties
Article Number: 000238943
Article Type: Dell Security Advisory
Last Modified: 19 May 2025