DSA-2025-204: Security Update for Dell PowerFlex Rack Multiple Third-Party Component Vulnerabilities
概要: Dell PowerFlex Rack remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
この記事は次に適用されます:
この記事は次には適用されません:
この記事は、特定の製品に関連付けられていません。
すべての製品パージョンがこの記事に記載されているわけではありません。
影響
Critical
詳細
| Third-party Component | CVEs | More Information |
| Dell PowerEdge Server BIOS | CVE-2024-24980, CVE-2024-24853, CVE-2023-22351, CVE-2024-21871, CVE-2023-25546, CVE-2023-42772, CVE-2024-21829, CVE-2024-21781, CVE-2023-41833, CVE-2023-43753, CVE-2024-23984, CVE-2024-24968, CVE-2024-21853, CVE-2024-38303, CVE-2024-38304, CVE-2024-21820, CVE-2024-23918, CVE-2024-25565, CVE-2024-36242, CVE-2024-24985, CVE-2024-22185, CVE-2024-21944, CVE-2024-27457, CVE-2024-21925, CVE-2024-21924, CVE-2024-21936, CVE-2024-21935, CVE-2024-21927, CVE-2023-20508, CVE-2023-20582, CVE-2023-20581, CVE-2023-31345, CVE-2024-56161, CVE-2024-38796, CVE-2024-36347, CVE-2023-20599 | DSA-2024-308, DSA-2024-383, DSA-2024-309, DSA-2024-310, DSA-2024-385, DSA-2025-085, DSA-2024-404, DSA-2025-040, DSA-2025-038, DSA-2025-112 |
| iDRAC | CVE-2023-52340, CVE-2024-42154, CVE-2026-26948 | DSA-2024-460, DSA-2026-113 |
| Apache MINA | CVE-2024-52046 | https://nvd.nist.gov/vuln/search |
| Intel Adapters | CVE-2024-24852, CVE-2024-36274 | DSA-2025-042 |
| Cisco Switches | CVE-2024-6387, CVE-2024-20286, CVE-2024-20285, CVE-2024-20284, CVE-2024-20289, CVE-2024-20413, CVE-2024-20411, CVE-2024-20397 | https://nvd.nist.gov/vuln/search |
| VMware ESXi | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | VMSA-2025-0004 |
| OpenSSH | CVE-2023-38408 | https://nvd.nist.gov/vuln/search |
|
Proprietary Code CVE |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-36610 |
Dell PowerFlex Manager version 4.6.1 and prior, contain an SMB Signing not required vulnerability. An adjacent unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack. |
6.3 |
|
Proprietary Code CVE |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-36610 |
Dell PowerFlex Manager version 4.6.1 and prior, contain an SMB Signing not required vulnerability. An adjacent unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack. |
6.3 |
影響を受ける製品と修復
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| PowerFlex rack | RCM | Versions prior to 3.7.7.0 | Version 3.7.7.0 or later | RCM release |
| PowerFlex rack | RCM | Versions prior to 3.8.2.0 | Version 3.8.2.0 or later | RCM release |
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| PowerFlex rack | RCM | Versions prior to 3.7.7.0 | Version 3.7.7.0 or later | RCM release |
| PowerFlex rack | RCM | Versions prior to 3.8.2.0 | Version 3.8.2.0 or later | RCM release |
In the case of manual upgrade for PowerFlex rack, please see this link: https://www.dell.com/support/home/product-support/product/powerflex-rack-rcm-sw/drivers.
変更履歴
| Revision | Date | Description |
| 1.0 | 2025-05-08 | Initial Release |
| 2.0 | 2025-07-15 | Added information for CVE-2023-20599 |
| 3.0 | 2025-07-17 | Added information for CVE-2025-36610 |
| 4.0 | 2025-11-24 | Added information for CVE-2023-38408 |
| 5.0 | 2026-03-18 | Added information for CVE-2026-26948 |
関連情報
法的免責事項
対象製品
PowerFlex rack connectivity, PowerFlex rack RCM Software文書のプロパティ
文書番号: 000318891
文書の種類: Dell Security Advisory
最終更新: 17 3月 2026
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。