DSA-2024-209: Security Update for Dell Update Manager Plugin Vulnerability

Resumen: Dell Update Manager Plugin remediation is available for plaintext password vulnerability in Log file that could be exploited by malicious users to compromise the affected system.

Este artículo se aplica a Este artículo no se aplica a Este artículo no está vinculado a ningún producto específico. No se identifican todas las versiones del producto en este artículo.
Consulte estos recursos

Impacto

Low

Detalles

Proprietary Code CVEs Description  CVSS Base Score CVSS Vector String
CVE-2024-28971 Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 3.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description  CVSS Base Score CVSS Vector String
CVE-2024-28971 Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 3.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recomienda que todos los clientes tengan en cuenta tanto la puntuación base como cualquier otra puntuación ambiental y temporal relevante que pueda afectar la posible gravedad asociada con la vulnerabilidad de seguridad en particular.

Corrección y productos afectados

Product  Affected Versions  Remediated Versions  Link 
Dell Update Manager Plugin Versions 1.4.0 through 1.5.0 1.5.1 Dell OpenManage Enterprise Update Managerv1.5.1 | Driver Details | Dell US
Product  Affected Versions  Remediated Versions  Link 
Dell Update Manager Plugin Versions 1.4.0 through 1.5.0 1.5.1 Dell OpenManage Enterprise Update Managerv1.5.1 | Driver Details | Dell US
No action required from the customer if UMP-1.5.1 is already installed by the customer. However, we recommend following the workaround mentioned above.

Soluciones alternativas y mitigaciones

CVE ID Workaround and Mitigation
CVE-2024-28971 Remove logs from UMP

Historial de revisiones

RevisionDateDescription
1.02024-05-07Initial release
2.02025-04-15Added product tagging for better classification

Información relacionada

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Descargo de responsabilidad

Productos afectados

OpenManage Enterprise Update Manager
Propiedades del artículo
Número del artículo: 000224849
Tipo de artículo: Dell Security Advisory
Última modificación: 15 abr 2025
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.