DSA-2025-154: Security Update for Dell ECS and ObjectScale Use of Hard-coded SSH Cryptographic Key Vulnerability

概要: Dell ECS and ObjectScale remediation is available for use of hard-coded SSH cryptographic key vulnerability that could be exploited by malicious users to compromise the affected system. ...

この記事は次に適用されます: この記事は次には適用されません: この記事は、特定の製品に関連付けられていません。 すべての製品パージョンがこの記事に記載されているわけではありません。
他のリソースを確認する

影響

High

詳細情報

This Security Advisory communicates vulnerabilities affecting versions prior to ECS 3.8.1.5 and ObjectScale 4.0.0.0 only when those versions are reached through an upgrade path. Fresh installations of ECS 3.8.0.x, ECS 3.8.1.x and ObjectScale 4.0.0.x or later are not affected. To mitigate the vulnerabilities, customers must first upgrade to a remediated version, then perform the ‘Rotate SSH Keys’ procedure referenced in the ‘Workaround and Mitigation’ section.

詳細

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-26476 Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-26476 Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

 

デル・テクノロジーズでは、すべてのお客様に対して、CVSSベース スコアに加えて、特定のセキュリティの脆弱性に付随する潜在的な重要度に影響する可能性のある現状スコアや環境スコアも考慮することをお勧めしています。

影響を受ける製品と修復

Product Affected Versions Remediated Versions Link
ECS Versions prior to 3.8.1.5 Version 3.8.1.5 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154
ObjectScale Version 4.0.0.0 Version 4.0.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154

 

Product Affected Versions Remediated Versions Link
ECS Versions prior to 3.8.1.5 Version 3.8.1.5 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154
ObjectScale Version 4.0.0.0 Version 4.0.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154

 

Notes:

  1. Dell recommends all customers have their ObjectScale/ ECS systems upgraded at the earliest opportunity by opening an “Operating Environment Upgrade” Service Request.
  2. Please visit the Security Update Release Schedule for Supported Versions of ObjectScale (formerly ECS) for more information regarding upcoming security releases.
  3. A fresh installation refers to the process of deploying Dell ECS or ObjectScale on a system where all previous configurations, data, and components have been completely removed. This term applies to both:
    1. New Installations: Installing ECS/ObjectScale on a clean, unused system.
    2. Re-installations: Re-deploying ECS/ObjectScale after wiping out an existing environment to return it to a clean state.

回避策と緩和策

CVE ID Workaround and Mitigation
CVE-2025-26476 Customers are required to upgrade to a remediated version first, then perform the ‘Rotate SSH Keys’ procedure to complete remediation as documented in KB 000339248: Dell ECS and Dell ObjectScale: Use of Hard Coded SSH Cryptographic Key Vulnerability Remediation.

 

変更履歴

RevisionDateDescription
1.02025-07-28Initial Release
2.02025-07-30Expanded product tagging and updated display text for KB 000339248

 

関連情報

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法的免責事項

対象製品

ECS, ObjectScale, ECS Appliance, ECS Appliance Hardware Series, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ObjectScale Appliance Software with Encryption, ObjectScale Appliance Software without Encryption , ObjectScale Appliance Series, ObjectScale Software Series ...
文書のプロパティ
文書番号: 000339134
文書の種類: Dell Security Advisory
最終更新: 30 7月 2025
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。