DSA-2025-193: Security Update for Dell PowerFlex Appliance Multiple Third-Party Component Vulnerabilities
Zhrnutie: Dell PowerFlex Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Tento článok sa vzťahuje na
Tento článok sa nevzťahuje na
Tento článok nie je viazaný na žiadny konkrétny produkt.
V tomto článku nie sú uvedené všetky verzie produktov.
Dosah
Critical
Podrobnosti
| Third-party Component | CVEs | More Information |
| Dell PowerEdge Server BIOS | CVE-2024-24980, CVE-2024-24853, CVE-2023-22351, CVE-2024-21871, CVE-2023-25546, CVE-2023-42772, CVE-2024-21829, CVE-2024-21781, CVE-2023-41833, CVE-2023-43753, CVE-2024-23984, CVE-2024-24968, CVE-2024-21853, CVE-2024-38303, CVE-2024-38304, CVE-2024-21820, CVE-2024-23918, CVE-2024-25565, CVE-2024-36242, CVE-2024-24985, CVE-2024-22185, CVE-2024-21944, CVE-2024-27457, CVE-2024-21925, CVE-2024-21924, CVE-2024-21936, CVE-2024-21935, CVE-2024-21927, CVE-2023-20508, CVE-2023-20582, CVE-2023-20581, CVE-2023-31345, CVE-2024-56161, CVE-2024-38796, CVE-2024-36347, CVE-2023-20599 | DSA-2024-308, DSA-2024-383, DSA-2024-309, DSA-2024-310, DSA-2024-385, DSA-2025-085, DSA-2024-404, DSA-2025-040, DSA-2025-038, DSA-2025-112 |
| iDRAC | CVE-2023-52340, CVE-2024-42154 | DSA-2024-460 |
| Apache MINA | CVE-2024-52046 | https://nvd.nist.gov/vuln/search |
| Intel Adapters | CVE-2024-24852, CVE-2024-36274 | DSA-2025-042 |
| Cisco Switches | CVE-2024-6387, CVE-2024-20286, CVE-2024-20285, CVE-2024-20284, CVE-2024-20289, CVE-2024-20413, CVE-2024-20411, CVE-2024-20397 | https://nvd.nist.gov/vuln/search |
| VMware ESXi | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | VMSA-2025-0004 |
| OpenSSH | CVE-2023-38408 | https://nvd.nist.gov/vuln/search |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-36610 | Dell PowerFlex Manager version 4.6.1 and prior, contain an SMB Signing not required vulnerability. An adjacent unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack. | 6.3 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-36610 | Dell PowerFlex Manager version 4.6.1 and prior, contain an SMB Signing not required vulnerability. An adjacent unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack. | 6.3 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Dotknuté produkty a riešenie problému
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| PowerFlex Appliance | IC | Versions prior to 46.377.00 | Version 46.377.00 or later | IC release |
| PowerFlex Appliance | IC | Versions prior to 46.382.00 | Version 46.382.00 or later | IC release |
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| PowerFlex Appliance | IC | Versions prior to 46.377.00 | Version 46.377.00 or later | IC release |
| PowerFlex Appliance | IC | Versions prior to 46.382.00 | Version 46.382.00 or later | IC release |
In the case of manual upgrade for PowerFlex Appliance, please see this link:
https://www.dell.com/support/home/en-us/product-support/product/powerflex-appliance-int-ca-sw/drivers
História revízií
| Revision | Date | Description |
| 1.0 | 2025-05-01 | Initial Release |
| 2.0 | 2025-05-08 | Minor edit |
| 3.0 | 2025-07-17 | Added information for CVE-2023-20599 |
| 4.0 | 2025-07-17 | Added information for CVE-2025-36610 |
| 5.0 | 2025-11-24 | Added information for CVE-2023-38408 |
Súvisiace informácie
Legal Disclaimer
Dotknuté produkty
PowerFlex Appliance, PowerFlex appliance Intelligent Catalog SoftwareVlastnosti článku
Číslo článku: 000315712
Typ článku: Dell Security Advisory
Dátum poslednej úpravy: 24 nov 2025
Nájdite odpovede na svoje otázky od ostatných používateľov spoločnosti Dell
Služby podpory
Skontrolujte, či sa na vaše zariadenie vzťahujú služby podpory.