DSA-2024-209: Security Update for Dell Update Manager Plugin Vulnerability

Sommaire: Dell Update Manager Plugin remediation is available for plaintext password vulnerability in Log file that could be exploited by malicious users to compromise the affected system.

Cet article s’applique à Cet article ne s’applique pas à Cet article n’est lié à aucun produit spécifique. Toutes les versions de produits ne sont pas identifiées dans cet article.
Consulter d’autres ressources

Impact

Low

Détails

Proprietary Code CVEs Description  CVSS Base Score CVSS Vector String
CVE-2024-28971 Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 3.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description  CVSS Base Score CVSS Vector String
CVE-2024-28971 Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 3.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommande à tous ses clients de tenir compte à la fois du score de base CVSS et de tous les scores temporels et environnementaux pertinents qui pourraient avoir une incidence sur la gravité potentielle associée à une vulnérabilité de sécurité particulière.

Produits touchés et correction

Product  Affected Versions  Remediated Versions  Link 
Dell Update Manager Plugin Versions 1.4.0 through 1.5.0 1.5.1 Dell OpenManage Enterprise Update Managerv1.5.1 | Driver Details | Dell US
Product  Affected Versions  Remediated Versions  Link 
Dell Update Manager Plugin Versions 1.4.0 through 1.5.0 1.5.1 Dell OpenManage Enterprise Update Managerv1.5.1 | Driver Details | Dell US
No action required from the customer if UMP-1.5.1 is already installed by the customer. However, we recommend following the workaround mentioned above.

Solutions de contournement et mesures d’atténuation

CVE ID Workaround and Mitigation
CVE-2024-28971 Remove logs from UMP

Historique de révision

RevisionDateDescription
1.02024-05-07Initial release
2.02025-04-15Added product tagging for better classification

Renseignements connexes

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Avis de non-responsabilité

Produits touchés

OpenManage Enterprise Update Manager
Propriétés de l’article
Numéro d’article: 000224849
Type d’article: Dell Security Advisory
Dernière modification: 15 avr. 2025
Obtenez des réponses à vos questions auprès d’autre utilisateurs de Dell
Services de soutien
Vérifiez si votre appareil est couvert par les services de soutien.