Article Number: 000224843
DSA-2024-083: Security Update for Dell PowerProtect Data Manager Appliance (DM5500) for Multiple Vulnerabilities
Summary: Dell PowerProtect Data Manager Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Article Content
Impact
Critical
Details
| Third-Party Component |
CVEs | More information |
|---|---|---|
| Intel | CVE-2023-39432, CVE-2023-33870, CVE-2023-29153 | DSA-2024-001 |
| TianoCore EDK2 | CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233 CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237 |
DSA-2023-357 |
| BIOS | CVE-2023-32460 |
DSA-2023-361 |
| Intel | CVE-2022-40982, CVE-2022-43505, CVE-2023-47165, CVE-2024-21828 | IINTEL-SA-00828  , INTEL-SA-00813 , INTEL-TA-01041 , INTEL-TA-01056 |
| Hypervisor Manager | CVE-2023-34048, CVE-2023-34056 | VMSA-2023-0023 |
| Appliance OS | CVE-2023-46604, CVE-2022-1245, CVE-2015-7501, CVE-2023-6378, CVE-2023-44487, CVE-2023-34462, CVE-2023-35116 | See NVD link below for individual scores for each CVE. http://nvd.nist.gov/ |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-24908 | Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to deletion of arbitrary files stored on the server filesystem. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
| CVE-2024-22460 | Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application. | 2.2 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-24908 | Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to deletion of arbitrary files stored on the server filesystem. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
| CVE-2024-22460 | Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application. | 2.2 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N |
Affected Products and Remediation
| Product | Affected Versions | Updated Version | Link |
|---|---|---|---|
| Dell PowerProtect Data Manager DM5500 Appliance | Versions 5.15 and prior | 5.16 | https://dl.dell.com/downloads/X8M5P_PowerProtect-Data-Manager-DM5500-Appliance-5.16.0.0-Upgrade-file.pkg |
| Product | Affected Versions | Updated Version | Link |
|---|---|---|---|
| Dell PowerProtect Data Manager DM5500 Appliance | Versions 5.15 and prior | 5.16 | https://dl.dell.com/downloads/X8M5P_PowerProtect-Data-Manager-DM5500-Appliance-5.16.0.0-Upgrade-file.pkg |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-05-07 | Initial Release |
| 2.0 | 2024-05-16 | Updated Third-Party Component table |
Related Information
Legal Information
Article Properties
Affected Product
PowerProtect Data Manager Appliance, PowerProtect DM5500
Last Published Date
16 May 2024
Article Type
Dell Security Advisory