Critical Dell Security Vulnerabilities Let Attackers Compromise Affected Systems


Dell has disclosed two security vulnerabilities, one rated critical and one rated high, affecting several of its PowerFlex, InsightIQ and Data Lakehouse products.

The vulnerabilities, identified as CVE-2024-37143 and CVE-2024-37144, impact various versions of Dell PowerFlex appliances, racks, custom nodes, InsightIQ, and Data Lakehouse products.

Dell Security Vulnerabilities

CVE-2024-37143, the more severe of the two, is an Improper Link Resolution Before File Access vulnerability (CWE-59): the affected software resolves a file path that can be redirected through a symbolic link before it verifies what it is actually accessing. According to Dell, an unauthenticated attacker with remote access could exploit it to execute arbitrary code on the affected system. It carries a CVSS base score of 10.0, the maximum.
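To make that weakness class concrete, the following Python example is added here as a generic illustration; it is not Dell's code and does not reproduce the PowerFlex flaw, whose internals Dell has not published. The function and file names are hypothetical. It shows a file writer that follows a symlink an attacker planted in its output directory, beside a hardened writer that opens relative to a directory descriptor with O_NOFOLLOW and inspects the object it actually opened. It assumes a Linux or macOS host.

```python
import os
import stat
import tempfile

# Added illustration of CWE-59 (improper link resolution before file access).
# Generic example code; not Dell's code and not the PowerFlex vulnerability itself.


def write_report_unsafe(base_dir, name, data):
    """Vulnerable pattern: open() resolves symlinks, so a link an attacker planted
    at base_dir/name redirects the write to wherever the link points."""
    path = os.path.join(base_dir, name)
    with open(path, "wb") as f:
        f.write(data)
    return path


def write_report_safe(base_dir, name, data):
    """Hardened pattern: reject path components in the name, open relative to a
    directory descriptor so the directory path cannot be swapped underneath us,
    and pass O_NOFOLLOW so a symlink at the final component fails (ELOOP)
    instead of being followed."""
    if not name or name in (".", "..") or os.sep in name or (os.altsep and os.altsep in name):
        raise ValueError("report name must be a plain file name")
    dir_fd = os.open(base_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        fd = os.open(name, os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW, 0o600, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
    try:
        st = os.fstat(fd)
        # Check the object we actually opened. O_NOFOLLOW does not stop a planted
        # hard link, so also require a regular file with exactly one link.
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise OSError("refusing to write: not a plain regular file with one link")
        os.ftruncate(fd, 0)
        view = memoryview(data)
        while view:                      # os.write may write fewer bytes than asked
            view = view[os.write(fd, view):]
    finally:
        os.close(fd)
    return os.path.join(base_dir, name)


def demo():
    """Constructed scenario: the attacker pre-plants base_dir/report.txt as a
    symlink to a file the service should never touch. Returns what each writer did."""
    with tempfile.TemporaryDirectory() as tmp:
        base_dir = os.path.join(tmp, "reports")
        os.mkdir(base_dir)
        victim = os.path.join(tmp, "victim.conf")          # constructed target file
        with open(victim, "w") as f:
            f.write("original")
        os.symlink(victim, os.path.join(base_dir, "report.txt"))

        result = {}
        try:
            write_report_safe(base_dir, "report.txt", b"attacker-controlled")
            result["safe_call"] = "wrote"
        except OSError:
            result["safe_call"] = "refused"                 # ELOOP from O_NOFOLLOW
        with open(victim) as f:
            result["victim_after_safe"] = f.read()

        write_report_unsafe(base_dir, "report.txt", b"attacker-controlled")
        with open(victim) as f:
            result["victim_after_unsafe"] = f.read()
        return result


if __name__ == "__main__":
    print(demo())
```

The hardened version closes three gaps at once: the name check stops traversal through directory components (O_NOFOLLOW only covers the last one), the dir_fd open removes the race on the directory path, and the post-open fstat check catches a hard link that O_NOFOLLOW would not. Services that drop privileges should also avoid writing into directories a less-privileged user can create entries in at all.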


The second vulnerability, CVE-2024-37144, is an Insecure Storage of Sensitive Information flaw. It requires a high-privileged attacker with local access, but successful exploitation leads to information disclosure, and Dell notes the disclosed data could let the attacker gain unauthorized access to pods within the cluster. It carries a CVSS base score of 8.2 (high).

The affected products are Dell PowerFlex appliances, racks and custom nodes managed by PowerFlex Manager, InsightIQ, and Data Lakehouse. The following versions are affected:

  • Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00
  • Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train)
  • Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0
  • Dell InsightIQ versions prior to 5.1.1
  • Dell Data Lakehouse versions prior to 1.2.0.0

Dell has released security updates for the affected products to address these vulnerabilities. Users are strongly advised to update their systems to the latest versions as soon as possible.

For PowerFlex Manager versions prior to 4.6.1 (RCMs prior to 3.7.6.0/3.8.1.0 or ICs prior to 46.376.00/46.381.00), Dell recommends referencing KB Article 000231116 for mitigation steps.

Because the same two flaws span several product lines, organizations running any of the listed versions should prioritize the patches, and should confirm the installed PowerFlex Manager, RCM or IC version against the fixed releases above rather than assuming a recent deployment is already current.



