Ga naar hoofdinhoud
Uitloggen

Welkom bij Dell

Mijn account
  • Snel en eenvoudig bestellen
  • Bestellingen en de verzendstatus bekijken
  • Een lijst met producten maken en openen
Inloggen Een account maken Inloggen bij Premier Aanmelden voor partnerprogramma
Contact

Uw Dell.com-winkelwagentjes

DSA-2024-239: Security Update Dell ECS 3.8.1.1 for Multiple Security Vulnerabilities

Samenvatting: Dell ECS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Dit artikel is van toepassing op Dit artikel is niet van toepassing op Dit artikel is niet gebonden aan een specifiek product. Niet alle productversies worden in dit artikel vermeld.
Bekijk andere hulpbronnen

Impact

Critical

Gegevens

Third-Party Component CVEs More Information
apache/xerces-c CVE-2023-37536 https://nvd.nist.gov/vuln/detail/CVE-2023-37536 This hyperlink is taking you to a website outside of Dell Technologies.
containerd CVE-2022-1996 https://nvd.nist.gov/vuln/detail/CVE-2022-1996 This hyperlink is taking you to a website outside of Dell Technologies.
GNU GRUB CVE-2023-4692 https://nvd.nist.gov/vuln/detail/CVE-2023-4692 This hyperlink is taking you to a website outside of Dell Technologies.
Java CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094 See NVD link below for Individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
Kernel CVE-2023-3090, CVE-2023-3863, CVE-2023-39198, CVE-2023-4622, CVE-2023-4623, CVE-2023-5717, CVE-2023-6270, CVE-2023-6931, CVE-2023-6932 See NVD link below for Individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
krb5/krb5 CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054 This hyperlink is taking you to a website outside of Dell Technologies.
libTIFF CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965 This hyperlink is taking you to a website outside of Dell Technologies.
nghttp2 CVE-2023-35945 https://nvd.nist.gov/vuln/detail/CVE-2023-35945 This hyperlink is taking you to a website outside of Dell Technologies.
openSSH CVE-2023-48795, CVE-2023-51385 See NVD link below for Individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 This hyperlink is taking you to a website outside of Dell Technologies.
Python CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2023-27043, CVE-2023-40217, CVE-2023-6597 See NVD link below for Individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
Vim CVE-2023-2610, CVE-2023-4733, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5535 See NVD link below for Individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
vorbis-tools CVE-2023-43361 https://nvd.nist.gov/vuln/detail/CVE-2023-43361 This hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVE Description  CVSS Base Score
CVSS Vector String
CVE-2024-30473 Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. 4.9





CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N This hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVE Description  CVSS Base Score
CVSS Vector String
CVE-2024-30473 Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. 4.9





CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

Product Affected Versions Remediated Version Link to Update
Dell ECS Versions prior to 3.8.1.1 Version 3.8.1.1 https://www.dell.com/support/incidents-online/contactus/dynamic
Product Affected Versions Remediated Version Link to Update
Dell ECS Versions prior to 3.8.1.1 Version 3.8.1.1 https://www.dell.com/support/incidents-online/contactus/dynamic
Dell recommends all customers have their ECS systems upgraded at the earliest opportunity by opening a “Operating Environment Upgrade” Service Request.

Revisiegeschiedenis

RevisionDateDescription
1.02024-07-18Initial Release

Verwante informatie

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Juridische verklaring van afstand

Getroffen producten

ECS, ECS Appliance, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ECS Software
Artikeleigenschappen
Artikelnummer: 000227051
Artikeltype: Dell Security Advisory
Laatst aangepast: 18 jul. 2024
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.