DSA-2025-154: Security Update for Dell ECS and ObjectScale Use of Hard-coded SSH Cryptographic Key Vulnerability

Samenvatting: Dell ECS and ObjectScale remediation is available for use of hard-coded SSH cryptographic key vulnerability that could be exploited by malicious users to compromise the affected system. ...

Dit artikel is van toepassing op Dit artikel is niet van toepassing op Dit artikel is niet gebonden aan een specifiek product. Niet alle productversies worden in dit artikel vermeld.
Bekijk andere hulpbronnen

Impact

High

Meer details

This Security Advisory communicates vulnerabilities affecting versions prior to ECS 3.8.1.5 and ObjectScale 4.0.0.0 only when those versions are reached through an upgrade path. Fresh installations of ECS 3.8.0.x, ECS 3.8.1.x and ObjectScale 4.0.0.x or later are not affected. To mitigate the vulnerabilities, customers must first upgrade to a remediated version, then perform the ‘Rotate SSH Keys’ procedure referenced in the ‘Workaround and Mitigation’ section.

Gegevens

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-26476 Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2025-26476 Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

Product Affected Versions Remediated Versions Link
ECS Versions prior to 3.8.1.5 Version 3.8.1.5 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154
ObjectScale Version 4.0.0.0 Version 4.0.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154

 

Product Affected Versions Remediated Versions Link
ECS Versions prior to 3.8.1.5 Version 3.8.1.5 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154
ObjectScale Version 4.0.0.0 Version 4.0.0.0 or later Open a Service Request for an Operating Environment Upgrade and Quote DSA-2025-154

 

Notes:

  1. Dell recommends all customers have their ObjectScale/ ECS systems upgraded at the earliest opportunity by opening an “Operating Environment Upgrade” Service Request.
  2. Please visit the Security Update Release Schedule for Supported Versions of ObjectScale (formerly ECS) for more information regarding upcoming security releases.
  3. A fresh installation refers to the process of deploying Dell ECS or ObjectScale on a system where all previous configurations, data, and components have been completely removed. This term applies to both:
    1. New Installations: Installing ECS/ObjectScale on a clean, unused system.
    2. Re-installations: Re-deploying ECS/ObjectScale after wiping out an existing environment to return it to a clean state.

Tijdelijke oplossingen en risicobeperking

CVE ID Workaround and Mitigation
CVE-2025-26476 Customers are required to upgrade to a remediated version first, then perform the ‘Rotate SSH Keys’ procedure to complete remediation as documented in KB 000339248: Dell ECS and Dell ObjectScale: Use of Hard Coded SSH Cryptographic Key Vulnerability Remediation.

 

Revisiegeschiedenis

RevisionDateDescription
1.02025-07-28Initial Release
2.02025-07-30Expanded product tagging and updated display text for KB 000339248

 

Verwante informatie

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Juridische verklaring van afstand

Getroffen producten

ECS, ObjectScale, ECS Appliance, ECS Appliance Hardware Series, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ObjectScale Appliance Software with Encryption, ObjectScale Appliance Software without Encryption , ObjectScale Appliance Series, ObjectScale Software Series ...
Artikeleigenschappen
Artikelnummer: 000339134
Artikeltype: Dell Security Advisory
Laatst aangepast: 30 jul. 2025
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.