Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

DSA-2024-239: Security Update Dell ECS 3.8.1.1 for Multiple Security Vulnerabilities

Summary: Dell ECS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

This article applies to   This article does not apply to 
Check out resources for

Impact

Critical

Details

Third-Party Component CVEs More Information
apache/xerces-c CVE-2023-37536 https://nvd.nist.gov/vuln/detail/CVE-2023-37536 This hyperlink is taking you to a website outside of Dell Technologies.
containerd CVE-2022-1996 https://nvd.nist.gov/vuln/detail/CVE-2022-1996 This hyperlink is taking you to a website outside of Dell Technologies.
GNU GRUB CVE-2023-4692 https://nvd.nist.gov/vuln/detail/CVE-2023-4692 This hyperlink is taking you to a website outside of Dell Technologies.
Java CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952, CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094 See NVD link below for Individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
Kernel CVE-2023-3090, CVE-2023-3863, CVE-2023-39198, CVE-2023-4622, CVE-2023-4623, CVE-2023-5717, CVE-2023-6270, CVE-2023-6931, CVE-2023-6932 See NVD link below for Individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
krb5/krb5 CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054 This hyperlink is taking you to a website outside of Dell Technologies.
libTIFF CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965 This hyperlink is taking you to a website outside of Dell Technologies.
nghttp2 CVE-2023-35945 https://nvd.nist.gov/vuln/detail/CVE-2023-35945 This hyperlink is taking you to a website outside of Dell Technologies.
openSSH CVE-2023-48795, CVE-2023-51385 See NVD link below for Individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 This hyperlink is taking you to a website outside of Dell Technologies.
Python CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 This hyperlink is taking you to a website outside of Dell Technologies.
python3 CVE-2023-27043, CVE-2023-40217, CVE-2023-6597 See NVD link below for Individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
Vim CVE-2023-2610, CVE-2023-4733, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5535 See NVD link below for Individual scores for each CVE.
https://nvd.nist.gov This hyperlink is taking you to a website outside of Dell Technologies.
vorbis-tools CVE-2023-43361 https://nvd.nist.gov/vuln/detail/CVE-2023-43361 This hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVE Description  CVSS Base Score
CVSS Vector String
CVE-2024-30473 Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. 4.9





CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N This hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVE Description  CVSS Base Score
CVSS Vector String
CVE-2024-30473 Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. 4.9





CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Versions Remediated Version Link to Update
Dell ECS Versions prior to 3.8.1.1 Version 3.8.1.1 https://www.dell.com/support/incidents-online/contactus/dynamic
Product Affected Versions Remediated Version Link to Update
Dell ECS Versions prior to 3.8.1.1 Version 3.8.1.1 https://www.dell.com/support/incidents-online/contactus/dynamic
Dell recommends all customers have their ECS systems upgraded at the earliest opportunity by opening a “Operating Environment Upgrade” Service Request.

Revision History

RevisionDateDescription
1.02024-07-18Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

ECS, ECS Appliance, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ECS Software