DSA-2024-086: Security Update for Dell iDRAC Service Module for Memory Corruption Vulnerabilities
Yhteenveto: Dell iDRAC Service Module remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Tämä artikkeli koskee tuotetta
Tämä artikkeli ei koske tuotetta
Tämä artikkeli ei liity tiettyyn tuotteeseen.
Tässä artikkelissa ei yksilöidä kaikkia tuoteversioita.
Vaikutus
Medium
Tiedot
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-25948 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-25947 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-38489 | Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event. | 3.1 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L |
| CVE-2024-38490 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 5.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H |
| CVE-2024-38481 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-25948 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-25947 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
| CVE-2024-38489 | Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event. | 3.1 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L |
| CVE-2024-38490 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 5.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H |
| CVE-2024-38481 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | 4.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H |
Tuotteet, joihin asia vaikuttaa, ja tilanteen korjaaminen
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Windows, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Linux, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 8.0 U3, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for OS DUP, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 7.0 U3, v5.3.1.0 |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Windows, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for Linux, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 8.0 U3, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for OS DUP, v5.3.1.0 |
| iDRAC Service Module | Versions prior to 5.3.0.0 | 5.3.1.0, A00 | Dell iDRAC Service Module for ESXi 7.0 U3, v5.3.1.0 |
Versiohistoria
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-07-31 | Initial release |
| 2.0 | 2024-07-31 | Formatting changes only. No changes to content. |
Asiaan liittyvät tiedot
Vastuuvapauslauseke
Tuotteet, joihin vaikutus kohdistuu
iDRAC Service ModuleArtikkelin ominaisuudet
Artikkelin numero: 000227444
Artikkelin tyyppi: Dell Security Advisory
Viimeksi muutettu: 31 heinäk. 2024
Etsi vastauksia kysymyksiisi muilta Dell-käyttäjiltä
Tukipalvelut
Tarkista, kuuluuko laitteesi tukipalveluiden piiriin.