DSA-2025-204: Security Update for Dell PowerFlex Rack Multiple Third-Party Component Vulnerabilities
Summary: Dell PowerFlex Rack remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
Critical
Details
| Third-party Component | CVEs | More Information |
|---|---|---|
| Dell PowerEdge Server BIOS | CVE-2024-24980, CVE-2024-24853, CVE-2023-22351, CVE-2024-21871, CVE-2023-25546, CVE-2023-42772, CVE-2024-21829, CVE-2024-21781, CVE-2023-41833, CVE-2023-43753, CVE-2024-23984, CVE-2024-24968, CVE-2024-21853, CVE-2024-38303, CVE-2024-38304, CVE-2024-21820, CVE-2024-23918, CVE-2024-25565, CVE-2024-36242, CVE-2024-24985, CVE-2024-22185, CVE-2024-21944, CVE-2024-27457, CVE-2024-21925, CVE-2024-21924, CVE-2024-21936, CVE-2024-21935, CVE-2024-21927, CVE-2023-20508, CVE-2023-20582, CVE-2023-20581, CVE-2023-31345, CVE-2024-56161, CVE-2024-38796, CVE-2024-36347, CVE-2023-20599 | DSA-2024-308, DSA-2024-383, DSA-2024-309, DSA-2024-310, DSA-2024-385, DSA-2025-085, DSA-2024-404, DSA-2025-040, DSA-2025-038, DSA-2025-112 |
| iDRAC | CVE-2023-52340, CVE-2024-42154 | DSA-2024-460 |
| Apache MINA | CVE-2024-52046 | https://nvd.nist.gov/vuln/search |
| Intel Adapters | CVE-2024-24852, CVE-2024-36274 | DSA-2025-042 |
| Cisco Switches | CVE-2024-6387, CVE-2024-20286, CVE-2024-20285, CVE-2024-20284, CVE-2024-20289, CVE-2024-20413, CVE-2024-20411, CVE-2024-20397 | https://nvd.nist.gov/vuln/search |
| VMware ESXi | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | VMSA-2025-0004 |
| OpenSSH | CVE-2023-38408 | https://nvd.nist.gov/vuln/search |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2025-36610 | Dell PowerFlex Manager, versions 4.6.1 and prior, contains an SMB Signing Not Required vulnerability. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to a man-in-the-middle attack. | 6.3 | |
Affected Products and Remediation
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| PowerFlex rack | RCM | Versions prior to 3.7.7.0 | Version 3.7.7.0 or later | |
| PowerFlex rack | RCM | Versions prior to 3.8.2.0 | Version 3.8.2.0 or later | |
In the case of manual upgrade for PowerFlex rack, please see this link: https://www.dell.com/support/home/product-support/product/powerflex-rack-rcm-sw/drivers.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2025-05-08 | Initial Release |
| 2.0 | 2025-07-15 | Added information for CVE-2023-20599 |
| 3.0 | 2025-07-17 | Added information for CVE-2025-36610 |
| 4.0 | 2025-11-24 | Added information for CVE-2023-38408 |