DSA-2024-340: Security Update for Dell PowerFlex Rack Multiple Third-Party Component Vulnerabilities
Resumo: Dell PowerFlex Rack remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Este artigo aplica-se a
Este artigo não se aplica a
Este artigo não está vinculado a nenhum produto específico.
Nem todas as versões do produto estão identificadas neste artigo.
Impacto
High
Detalhes adicionais
In the case of manual upgrade for PowerFlex rack, please see this link: https://www.dell.com/support/home/en-us/product-support/product/powerflex-rack-rcm-sw/drivers
Dados
| Third-party Component | CVEs | More Information |
|---|---|---|
| Dell PowerEdge Server BIOS | CVE-2024-0162 CVE-2024-0163 CVE-2024-0154 CVE-2024-0173 CVE-2023-31346 CVE-2023-31347 CVE-2024-0161 |
DSA-2024-004 DSA-2024-003 DSA-2024-034 DSA-2024-002 DSA-2024-006 DSA-2024-035 |
| Intel | CVE-2023-32666 CVE-2023-38575 CVE-2023-39368 CVE-2023-22655 CVE-2023-35191 CVE-2024-21828 |
DSA-2024-005 DSA-2024-206 |
| VMware | CVE-2024-22252 CVE-2024-22253 CVE-2024-22254 CVE-2024-22255 CVE-2024-22273 CVE-2024-22274 CVE-2024-22275 CVE-2024-37087 CVE-2024-37079 CVE-2024-37080 CVE-2024-37081 |
VMSA-2024-0006 VMSA-2024-0011 VMSA-2024-0013 VMSA-2024-0012  |
| iDRAC | CVE-2023-29499 | DSA-2024-286 |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-30481 | Dell Management VM, version(s) prior to 4.6.0, contain(s) deprecated cryptographic settings. An adjacent unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack. | 3.1 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-30481 | Dell Management VM, version(s) prior to 4.6.0, contain(s) deprecated cryptographic settings. An adjacent unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack. | 3.1 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |
Produtos afetados e soluções
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| PowerFlex rack | RCM | Versions prior to 3.8.0.1 | Version 3.8.0.1 | RCM release |
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| PowerFlex rack | RCM | Versions prior to 3.8.0.1 | Version 3.8.0.1 | RCM release |
Histórico de revisão
| Revision | Date | Description |
| 1.0 | 2024-07-31 | Initial Release |
| 2.0 | 2025-11-24 | Added details for CVE-2025-30481 |
| 3.0 | 2025-11-24 | Updated for enhanced presentation with no changes to content |
Informações relacionadas
Aviso de isenção legal
Produtos afetados
PowerFlex rack, PowerFlex rack connectivity, PowerFlex rack HW, PowerFlex rack RCM Software, Product Security InformationPropriedades do artigo
Número do artigo: 000227464
Tipo de artigo: Dell Security Advisory
Último modificado: 24 nov. 2025
Encontre as respostas de outros usuários da Dell para suas perguntas.
Serviços de suporte
Verifique se o dispositivo está coberto pelos serviços de suporte.