DSA-2024-497: Dell PowerStore T Security Update for Multiple Vulnerabilities

Summary: Dell PowerStore Family remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.


Impact

High

Details

| Third-party Component | CVEs |
| --- | --- |
| bind | CVE-2024-1975, CVE-2024-1737 |
| bouncycastle | CVE-2024-30172, CVE-2024-30171, CVE-2024-29857, CVE-2023-33202 |
| cni | CVE-2024-1753 |
| commons-compress | CVE-2024-26308, CVE-2024-25710 |
| containerd | CVE-2023-45288 |
| giflib | CVE-2023-48161, CVE-2022-28506, CVE-2021-40633 |
| glibc | CVE-2024-33601, CVE-2024-33602, CVE-2024-2961, CVE-2024-33600, CVE-2024-33599 |
| hsqldb | CVE-2022-4185 |
| idna | CVE-2024-3651 |
| kernel | CVE-2024-40937, CVE-2021-0129, CVE-2020-26558, CVE-2022-48821, CVE-2024-41011, CVE-2021-47598, CVE-2021-47580, CVE-2021-47219, CVE-2023-52686, CVE-2024-38559, CVE-2024-39494, CVE-2024-41069, CVE-2024-42145, CVE-2024-41059, CVE-2023-52885, CVE-2022-48792, CVE-2024-41090, CVE-2021-47291, CVE-2021-47126, CVE-2021-47506, CVE-2021-47520, CVE-2024-26583, CVE-2024-26584, CVE-2024-26585, CVE-2021-47600, CVE-2024-36974 |
| krb5 | CVE-2024-37371, CVE-2024-37370 |
| libgpg-error0 | CVE-2024-28180 |
| libuv1 | CVE-2023-50387, CVE-2023-50868, CVE-2023-6516, CVE-2023-4408, CVE-2023-5517 |
| lxml | CVE-2022-2309 |
| module-tools | CVE-2023-23559 |
| OpenJDK | CVE-2024-21131, CVE-2024-21140, CVE-2024-21144, CVE-2024-21147, CVE-2024-21138, CVE-2024-21145 |
| OpenSSL | CVE-2024-5535 |
| pip | CVE-2021-3572, CVE-2023-5752 |
| podman | CVE-2024-3727 |
| Python-pycryptodome | CVE-2023-52323 |
| Python-requests | CVE-2023-32681 |
| Python-setuptools | CVE-2024-6345 |
| xen | CVE-2024-31146, CVE-2024-31145 |

More Information (applies to every component above): See NVD link below for individual scores for each CVE.

http://nvd.nist.gov/

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| --- | --- | --- | --- |
| CVE-2024-51532 | Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files. | 7.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
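Dell Technologies recommends that all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.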

Affected Products and Remediation

| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| --- | --- | --- | --- | --- |
| PowerStore 500T | PowerStoreT OS | Versions prior to 3.6.1.4-2413340 | Version 3.6.1.4-2413340 or later | https://www.dell.com/support/home/product-support/product/powerstore-500t/drivers |
| PowerStore 1000T | PowerStoreT OS | Versions prior to 3.6.1.4-2413340 | Version 3.6.1.4-2413340 or later | https://www.dell.com/support/home/product-support/product/powerstore-1000t/drivers |
| PowerStore 1200T | PowerStoreT OS | Versions prior to 3.6.1.4-2413340 | Version 3.6.1.4-2413340 or later | https://www.dell.com/support/home/product-support/product/powerstore-1200t/drivers |
| PowerStore 3000T | PowerStoreT OS | Versions prior to 3.6.1.4-2413340 | Version 3.6.1.4-2413340 or later | https://www.dell.com/support/home/product-support/product/powerstore-3000t/drivers |
| PowerStore 3200T | PowerStoreT OS | Versions prior to 3.6.1.4-2413340 | Version 3.6.1.4-2413340 or later | https://www.dell.com/support/home/product-support/product/powerstore-3200t/drivers |
| PowerStore 5000T | PowerStoreT OS | Versions prior to 3.6.1.4-2413340 | Version 3.6.1.4-2413340 or later | https://www.dell.com/support/home/product-support/product/powerstore-5000t/drivers |
| PowerStore 5200T | PowerStoreT OS | Versions prior to 3.6.1.4-2413340 | Version 3.6.1.4-2413340 or later | https://www.dell.com/support/home/product-support/product/powerstore-5200t/drivers |
| PowerStore 7000T | PowerStoreT OS | Versions prior to 3.6.1.4-2413340 | Version 3.6.1.4-2413340 or later | https://www.dell.com/support/home/product-support/product/powerstore-7000t/drivers |
| PowerStore 9000T | PowerStoreT OS | Versions prior to 3.6.1.4-2413340 | Version 3.6.1.4-2413340 or later | https://www.dell.com/support/home/product-support/product/powerstore-9000t/drivers |
| PowerStore 9200T | PowerStoreT OS | Versions prior to 3.6.1.4-2413340 | Version 3.6.1.4-2413340 or later | https://www.dell.com/support/home/product-support/product/powerstore-9200t/drivers |

Revision History

| Revision | Date | Description |
| --- | --- | --- |
| 1.0 | 2024-12-19 | Initial Release |

Affected Products

PowerStore 3200T, PowerStore 500T, PowerStore 5200T, PowerStore 9200T

Article Properties

Article Number: 000261519
Article Type: Dell Security Advisory
Last Modified: 19 Dec 2024