DSA-2024-358: Security Update for Dell Connectrix (Brocade) for Multiple Third-Party Component Vulnerabilities

Résumé: Dell Connectrix (Brocade) remediation is available for multiple third-party component Vulnerabilities that could be exploited by malicious users to compromise the affected system.

Cet article concerne Cet article ne concerne pas Cet article n’est associé à aucun produit spécifique. Toutes les versions du produit ne sont pas identifiées dans cet article.
Consulter d’autres ressources

Impact

High

Détails supplémentaires

CVE-2024-5461 is applicable only to Brocade 6547. This product is not sold by Dell and does not affect Brocade switches sold under Dell Connectix (Brocade).

Détails

Third-party Component CVEs More Information
SNMP CVE-2024-5462 Brocade Security ID: BSA-2024-2678This hyperlink is taking you to a website outside of Dell Technologies.
libxml2 CVE-2020-24977, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541, CVE-2022-40304, CVE-2023-28484, CVE-2023-29469 Brocade Security Advisory ID: BSA-2024-2375This hyperlink is taking you to a website outside of Dell Technologies.

Dell Technologies recommande à tous les clients de prendre en compte à la fois le score de base CVSS et les scores temporels et environnementaux pertinents qui peuvent avoir un impact sur la gravité potentielle associée à une faille de sécurité donnée.

Produits concernés et mesure corrective

CVEs Addressed  Product  Software/Firmware  Affected Versions  Remediated Versions  Link 
CVE-2024-5462 Connectrix B-Series  FOS Versions prior to 9.2.0 Version 9.2.0a or later https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview
CVE-2020-24977, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541, CVE-2022-40304, CVE-2023-28484, CVE-2023-29469 Connectrix B-Series FOS Versions prior to 9.0 Version 9.2.0b1 or later https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview
CVE-2020-24977, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541, CVE-2022-40304, CVE-2023-28484, CVE-2023-29469 Connectrix B-Series FOS Versions prior to 9.1.1d1 Version 9.1.1d2 or later https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview
CVEs Addressed  Product  Software/Firmware  Affected Versions  Remediated Versions  Link 
CVE-2024-5462 Connectrix B-Series  FOS Versions prior to 9.2.0 Version 9.2.0a or later https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview
CVE-2020-24977, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541, CVE-2022-40304, CVE-2023-28484, CVE-2023-29469 Connectrix B-Series FOS Versions prior to 9.0 Version 9.2.0b1 or later https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview
CVE-2020-24977, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541, CVE-2022-40304, CVE-2023-28484, CVE-2023-29469 Connectrix B-Series FOS Versions prior to 9.1.1d1 Version 9.1.1d2 or later https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview
Note: The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Solutions de contournement et mesures d’atténuation

CVE ID Workaround and Mitigation
CVE-2024-5462 The recommendation is to change SNMP authpassword / privpassword after enabling SNMPv3 password encryption as these secrets could have been previously exposed or may have been previously captured within an internal log that could be exposed on the next Supportsave capture.
    snmpconfig --set snmpv3 -index <index> {[-user <user_name>] [-groupname
{ro | rw}
] [-auth_proto <auth_protocol> -auth_passwd <auth_password> [-priv_proto <priv_protocol> -priv_passwd <priv_password>]] [-engine_id <engine_id>]}

Historique des révisions

Revision DateDescription
1.02024-08-30Initial Release
2.02024-09-12Updated for enhanced presentation with no changes to content
3.02024-11-20Updated the affected versions
4.02025-02-11Updated for enhanced presentation with no changes to content

Informations connexes

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Mention légale

Produits concernés

Connectrix DS-6610B, Connectrix DS-6620B, Connectrix DS-6620B-V2, Connectrix DS-6630B, Connectrix DS-6630B-V2, Connectrix DS-7720B, Connectrix DS-7730B, Connectrix ED-DCX6-4B, Connectrix ED-DCX6-8B, Connectrix ED-DCX7-4B, Connectrix ED-DCX7-8B , Connectrix MP-7810B, Connectrix MP-7850B ...
Propriétés de l’article
Numéro d’article: 000228212
Type d’article: Dell Security Advisory
Dernière modification: 11 Feb 2025
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.