Dell Security Update Patches Multiple Critical Vulnerabilities


Dell Technologies has issued a security advisory for critical vulnerabilities that could be exploited by attackers.

Customers should update their systems to fix two critical CVEs affecting multiple Dell products. Failure to do so could lead to unauthorized access and remote code execution.

If exploited, the vulnerabilities could let attackers run arbitrary code remotely or access sensitive data, threatening business continuity and data security.

Critical Vulnerabilities

CVE-2024-37143: Improper Link Resolution Before File Access

CVE-2024-37143 is a critical vulnerability affecting several Dell products, including PowerFlex appliances, InsightIQ, and Data Lakehouse.

It allows remote, unauthenticated attackers to exploit improper file link resolution, potentially executing arbitrary code on affected systems.

It carries a CVSS score of 10.0, the highest possible, reflecting its ease of exploitation and its potential impact on system confidentiality, integrity, and availability.

CVE-2024-37144: Insecure Storage of Sensitive Information

CVE-2024-37144 is a high-severity vulnerability affecting several Dell products, including PowerFlex appliances, InsightIQ, and Data Lakehouse.

It results from improper handling of sensitive data, allowing a high-privileged attacker with local access to potentially expose sensitive information.

Exploiting this vulnerability could lead to unauthorized access to cluster resources, threatening system confidentiality and integrity.

Dell urges customers to review CVSS base scores and apply updates quickly to reduce risks.

Affected Products & Remediation

The following products are affected in versions prior to those listed; the listed versions are the remediated ones:

  • Dell PowerFlex appliance – Intelligent Catalog (IC): Versions prior to 46.381.00 and 46.376.00
  • Dell PowerFlex rack – RCM (3.8.x train): Versions prior to 3.8.1.0
  • Dell PowerFlex rack – RCM (3.7.x train): Versions prior to 3.7.6.0
  • Dell PowerFlex custom node – PowerFlex Manager: Versions prior to 4.6.1.0
  • Dell InsightIQ – Installation Package: Versions prior to 5.1.1
  • Dell Data Lakehouse – Bundle: Versions prior to 1.2.0.0
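
The list above can be turned into an inventory triage check. The following is an added example, not code from Dell or from this article: the product keys, host names and inventory rows are constructed, and the handling of Intelligent Catalog builds that fall between the two listed versions (flagged for manual review) is an assumption.

```python
# Thresholds copied from the affected-products list; product keys are assumed names.
FIXED = {
    "powerflex-rack-rcm": {"3.8": "3.8.1.0", "3.7": "3.7.6.0"},  # per release train
    "powerflex-manager": "4.6.1.0",
    "insightiq": "5.1.1",
    "data-lakehouse": "1.2.0.0",
}
IC_BUILDS = ("46.376.00", "46.381.00")  # both IC builds named in the list

def compare(a, b):
    """Numeric compare of dotted versions: -1, 0 or 1 (shorter one zero-padded)."""
    pa = tuple(int(x) for x in a.strip().split("."))
    pb = tuple(int(x) for x in b.strip().split("."))
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)

def triage(product, version):
    """Return 'affected', 'fixed' or 'review' for one inventory entry."""
    try:
        if product == "powerflex-appliance-ic":
            low, high = IC_BUILDS
            if compare(version, low) < 0:
                return "affected"
            if compare(version, low) == 0 or compare(version, high) >= 0:
                return "fixed"
            return "review"  # assumption: builds between the two are not decided here
        target = FIXED.get(product)
        if isinstance(target, dict):  # choose the threshold for this release train
            target = target.get(".".join(version.strip().split(".")[:2]))
        if target is None:
            return "review"  # product or train not in the advisory list
        return "affected" if compare(version, target) < 0 else "fixed"
    except ValueError:
        return "review"  # version string is not purely numeric

INVENTORY = [  # constructed sample data
    ("pfx-rack-01", "powerflex-rack-rcm", "3.7.5.0"),
    ("pfx-rack-02", "powerflex-rack-rcm", "3.8.1.0"),
    ("pfmp-01", "powerflex-manager", "4.6.0.1"),
    ("iiq-01", "insightiq", "5.1.1"),
    ("pfx-app-01", "powerflex-appliance-ic", "46.378.00"),
]

def report(inventory):
    return {host: triage(product, version) for host, product, version in inventory}
```

Entries that come back as `review` are outside what the list states (an unlisted RCM train, a non-numeric version string, or an in-between IC build) and should be checked against the vendor advisory directly.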

Dell assumes no liability for damages from this advisory. Customers are responsible for assessing impacts and applying updates as needed.


2025-01-08T23:34:51+05:30 | December 13th, 2024 | Internet Security, Security Advisory, Security Update, vulnerability

About the Author:

FirstHackersNews- Identifies Security
