DSA-2024-340: Security Update for Dell PowerFlex Rack Multiple Third-Party Component Vulnerabilities
Summary: Dell PowerFlex Rack remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
High
Additional Details
For a manual upgrade of PowerFlex rack, see: https://www.dell.com/support/home/en-us/product-support/product/powerflex-rack-rcm-sw/drivers
Details
| Third-party Component | CVEs | More Information |
|---|---|---|
| Dell PowerEdge Server BIOS | CVE-2024-0162 CVE-2024-0163 CVE-2024-0154 CVE-2024-0173 CVE-2023-31346 CVE-2023-31347 CVE-2024-0161 | DSA-2024-004 DSA-2024-003 DSA-2024-034 DSA-2024-002 DSA-2024-006 DSA-2024-035 |
| Intel | CVE-2023-32666 CVE-2023-38575 CVE-2023-39368 CVE-2023-22655 CVE-2023-35191 CVE-2024-21828 | DSA-2024-005 DSA-2024-206 |
| VMware | CVE-2024-22252 CVE-2024-22253 CVE-2024-22254 CVE-2024-22255 CVE-2024-22273 CVE-2024-22274 CVE-2024-22275 CVE-2024-37087 CVE-2024-37079 CVE-2024-37080 CVE-2024-37081 | VMSA-2024-0006 VMSA-2024-0011 VMSA-2024-0013 VMSA-2024-0012 |
| iDRAC | CVE-2023-29499 | DSA-2024-286 |

| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2025-30481 | Dell Management VM, version(s) prior to 4.6.0, contain(s) deprecated cryptographic settings. An adjacent unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack. | 3.1 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |
Affected Products and Remediation
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| PowerFlex rack | RCM | Versions prior to 3.8.0.1 | Version 3.8.0.1 | RCM release |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-07-31 | Initial Release |
| 2.0 | 2025-11-24 | Added details for CVE-2025-30481 |
| 3.0 | 2025-11-24 | Updated for enhanced presentation with no changes to content |
Affected Products
PowerFlex rack, PowerFlex rack connectivity, PowerFlex rack HW, PowerFlex rack RCM Software, Product Security Information
Article Properties
Article Number: 000227464
Article Type: Dell Security Advisory
Last Modified: 24 Nov 2025