DSA-2024-405: Security Update for Dell Products for Multiple Vulnerabilities
요약: Remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise affected systems.
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
영향
Critical
세부 정보
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2024-37143 |
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Improper Link Resolution Before File Access vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system. |
10.0 |
|
| CVE-2024-37144 |
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Insecure Storage of Sensitive Information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use information disclosed to gain unauthorized access to pods within the cluster. |
8.2 |
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2024-37143 |
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Improper Link Resolution Before File Access vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system. |
10.0 |
|
| CVE-2024-37144 |
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Insecure Storage of Sensitive Information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use information disclosed to gain unauthorized access to pods within the cluster. |
8.2 |
영향을 받는 제품 및 문제 해결
| Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
| Dell PowerFlex appliance |
Intelligent Catalog (IC) |
Versions prior to 46.381.00 |
Version 46.381.00 or later |
|
| Dell PowerFlex appliance |
Intelligent Catalog (IC) |
Versions prior to 46.376.00 |
Version 46.376.00 or later |
|
| Dell PowerFlex rack |
Release Certification Matrix (RCM) |
Versions prior to 3.8.1.0 |
Version 3.8.1.0 or later |
|
| Dell PowerFlex rack |
Release Certification Matrix (RCM) |
Versions prior to 3.7.6.0 |
Version 3.7.6.0 or later |
|
| Dell PowerFlex custom node |
PowerFlex Manager |
Versions prior to 4.6.1.0 |
Version 4.6.1.0 or later |
|
| Dell InsightIQ |
Installation Package |
Versions prior to 5.1.1 |
Version 5.1.1 or later |
|
| Dell Data Lakehouse |
Bundle |
Versions prior to 1.2.0.0 |
Version 1.2.0.0 or later |
| Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
| Dell PowerFlex appliance |
Intelligent Catalog (IC) |
Versions prior to 46.381.00 |
Version 46.381.00 or later |
|
| Dell PowerFlex appliance |
Intelligent Catalog (IC) |
Versions prior to 46.376.00 |
Version 46.376.00 or later |
|
| Dell PowerFlex rack |
Release Certification Matrix (RCM) |
Versions prior to 3.8.1.0 |
Version 3.8.1.0 or later |
|
| Dell PowerFlex rack |
Release Certification Matrix (RCM) |
Versions prior to 3.7.6.0 |
Version 3.7.6.0 or later |
|
| Dell PowerFlex custom node |
PowerFlex Manager |
Versions prior to 4.6.1.0 |
Version 4.6.1.0 or later |
|
| Dell InsightIQ |
Installation Package |
Versions prior to 5.1.1 |
Version 5.1.1 or later |
|
| Dell Data Lakehouse |
Bundle |
Versions prior to 1.2.0.0 |
Version 1.2.0.0 or later |
해결 방법 및 완화 방안
| CVE ID |
Workaround and Mitigation |
| CVE-2024-37143 |
For remediation for PowerFlex Manager versions prior to 4.6.1 (RCMs prior to 3.7.6.0/3.8.1.0 or ICs prior to 46.376.00/46.381.00), reference KB Article 000231116 Mitigation for Powerflex Manager CVE-2024-37143 (customer login required). |
개정 내역
|
Revision |
Date |
Description |
|
1.0 |
2024-12-09 |
Initial Release |
|
2.0 |
2024-12-10 |
Updated Affected Products section at bottom of advisory |
관련 정보
법적 고지 사항
해당 제품
PowerFlex rack, PowerFlex Appliance, Dell Data Lakehouse, Isilon InsightIQ, PowerFlex appliance Intelligent Catalog Software, PowerFlex custom node, PowerFlex custom node R650, PowerFlex custom node R6525, PowerFlex custom node R660
, PowerFlex custom node R6625, PowerFlex custom node R750, PowerFlex custom node R760, PowerFlex custom node R7625, PowerFlex rack RCM Software, PowerScale InsightIQ
...
문서 속성
문서 번호: 000258342
문서 유형: Dell Security Advisory
마지막 수정 시간: 10 12월 2024
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.