DSA-2024-239: Security Update Dell ECS 3.8.1.1 for Multiple Security Vulnerabilities

Resumen: Dell ECS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Este artículo se aplica a Este artículo no se aplica a Este artículo no está vinculado a ningún producto específico. No se identifican todas las versiones del producto en este artículo.
Consulte estos recursos

Impacto

Critical

Detalles

Third-Party Component CVEs More Information
apache/xerces-c CVE-2023-37536 https://nvd.nist.gov/vuln/detail/CVE-2023-37536This hyperlink is taking you to a website outside of Dell Technologies.
containerd CVE-2022-1996 https://nvd.nist.gov/vuln/detail/CVE-2022-1996This hyperlink is taking you to a website outside of Dell Technologies.
GNU GRUB CVE-2023-4692 https://nvd.nist.gov/vuln/detail/CVE-2023-4692This hyperlink is taking you to a website outside of Dell Technologies.
Java CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094 See NVD link below for Individual scores for each CVE.
https://nvd.nist.govThis hyperlink is taking you to a website outside of Dell Technologies.
Kernel CVE-2023-3090, CVE-2023-3863, CVE-2023-39198, CVE-2023-4622, CVE-2023-4623, CVE-2023-5717, CVE-2023-6270, CVE-2023-6931, CVE-2023-6932 See NVD link below for Individual scores for each CVE.
https://nvd.nist.govThis hyperlink is taking you to a website outside of Dell Technologies.
krb5/krb5 CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054This hyperlink is taking you to a website outside of Dell Technologies.
libTIFF CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965This hyperlink is taking you to a website outside of Dell Technologies.
nghttp2 CVE-2023-35945 https://nvd.nist.gov/vuln/detail/CVE-2023-35945This hyperlink is taking you to a website outside of Dell Technologies.
openSSH CVE-2023-48795, CVE-2023-51385 See NVD link below for Individual scores for each CVE.
https://nvd.nist.govThis hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678This hyperlink is taking you to a website outside of Dell Technologies.
Python CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2023-27043, CVE-2023-40217, CVE-2023-6597 See NVD link below for Individual scores for each CVE.
https://nvd.nist.govThis hyperlink is taking you to a website outside of Dell Technologies.
Vim CVE-2023-2610, CVE-2023-4733, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5535 See NVD link below for Individual scores for each CVE.
https://nvd.nist.govThis hyperlink is taking you to a website outside of Dell Technologies.
vorbis-tools CVE-2023-43361 https://nvd.nist.gov/vuln/detail/CVE-2023-43361This hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVE Description  CVSS Base Score
CVSS Vector String
CVE-2024-30473 Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVE Description  CVSS Base Score
CVSS Vector String
CVE-2024-30473 Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies recomienda que todos los clientes tengan en cuenta tanto la puntuación base como cualquier otra puntuación ambiental y temporal relevante que pueda afectar la posible gravedad asociada con la vulnerabilidad de seguridad en particular.

Corrección y productos afectados

Product Affected Versions Remediated Version Link to Update
Dell ECS Versions prior to 3.8.1.1 Version 3.8.1.1 https://www.dell.com/support/incidents-online/contactus/dynamic
Product Affected Versions Remediated Version Link to Update
Dell ECS Versions prior to 3.8.1.1 Version 3.8.1.1 https://www.dell.com/support/incidents-online/contactus/dynamic
Dell recommends all customers have their ECS systems upgraded at the earliest opportunity by opening a “Operating Environment Upgrade” Service Request.

Historial de revisiones

RevisionDateDescription
1.02024-07-18Initial Release
2.02024-10-25Updated for enhanced presentation with no changes to content

Información relacionada

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Descargo de responsabilidad

Productos afectados

ECS, ECS Appliance, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ECS Software
Propiedades del artículo
Número del artículo: 000227051
Tipo de artículo: Dell Security Advisory
Última modificación: 25 oct. 2024
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.