DSA-2024-340: Security Update for Dell PowerFlex Rack Multiple Third-Party Component Vulnerabilities
概要: Dell PowerFlex Rack remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
この記事は次に適用されます:
この記事は次には適用されません:
この記事は、特定の製品に関連付けられていません。
すべての製品パージョンがこの記事に記載されているわけではありません。
影響
High
詳細情報
In the case of manual upgrade for PowerFlex rack, please see this link: https://www.dell.com/support/home/en-us/product-support/product/powerflex-rack-rcm-sw/drivers
詳細
| Third-party Component | CVEs | More Information |
|---|---|---|
| Dell PowerEdge Server BIOS | CVE-2024-0162 CVE-2024-0163 CVE-2024-0154 CVE-2024-0173 CVE-2023-31346 CVE-2023-31347 CVE-2024-0161 |
DSA-2024-004 DSA-2024-003 DSA-2024-034 DSA-2024-002 DSA-2024-006 DSA-2024-035 |
| Intel | CVE-2023-32666 CVE-2023-38575 CVE-2023-39368 CVE-2023-22655 CVE-2023-35191 CVE-2024-21828 |
DSA-2024-005 DSA-2024-206 |
| VMware | CVE-2024-22252 CVE-2024-22253 CVE-2024-22254 CVE-2024-22255 CVE-2024-22273 CVE-2024-22274 CVE-2024-22275 CVE-2024-37087 CVE-2024-37079 CVE-2024-37080 CVE-2024-37081 |
VMSA-2024-0006 VMSA-2024-0011 VMSA-2024-0013 VMSA-2024-0012  |
| iDRAC | CVE-2023-29499 | DSA-2024-286 |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-30481 | Dell Management VM, version(s) prior to 4.6.0, contain(s) deprecated cryptographic settings. An adjacent unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack. | 3.1 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-30481 | Dell Management VM, version(s) prior to 4.6.0, contain(s) deprecated cryptographic settings. An adjacent unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack. | 3.1 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |
影響を受ける製品と修復
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| PowerFlex rack | RCM | Versions prior to 3.8.0.1 | Version 3.8.0.1 | RCM release |
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| PowerFlex rack | RCM | Versions prior to 3.8.0.1 | Version 3.8.0.1 | RCM release |
変更履歴
| Revision | Date | Description |
| 1.0 | 2024-07-31 | Initial Release |
| 2.0 | 2025-11-24 | Added details for CVE-2025-30481 |
| 3.0 | 2025-11-24 | Updated for enhanced presentation with no changes to content |
関連情報
法的免責事項
対象製品
PowerFlex rack, PowerFlex rack connectivity, PowerFlex rack HW, PowerFlex rack RCM Software, Product Security Information文書のプロパティ
文書番号: 000227464
文書の種類: Dell Security Advisory
最終更新: 24 11月 2025
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。