Dell has released a critical security update to address multiple vulnerabilities impacting several of its enterprise products, including PowerFlex, InsightIQ, and Data Lakehouse. These vulnerabilities, identified as CVE-2024-37143 and CVE-2024-37144, pose significant risks, ranging from remote code execution to information disclosure, with CVSS scores of 10.0 and 8.2, respectively.
- CVE-2024-37143
This vulnerability involves improper link resolution before file access, allowing unauthenticated attackers with remote access to execute arbitrary code on affected systems. Dell emphasizes the gravity of the issue: “An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system.” The vulnerability affects several versions of Dell PowerFlex, InsightIQ, and Data Lakehouse products.
- CVE-2024-37144
This flaw is related to insecure storage of sensitive information, which could enable high-privileged attackers with local access to disclose sensitive information. Dell warns: “The attacker may be able to use information disclosed to gain unauthorized access to pods within the cluster.”
The vulnerabilities impact multiple products and versions, including:
- Dell PowerFlex appliance: Versions prior to IC 46.381.00 and IC 46.376.00.
- Dell PowerFlex rack: RCM versions prior to 3.8.1.0 and 3.7.6.0.
- Dell PowerFlex custom node: PowerFlex Manager versions prior to 4.6.1.0.
- Dell InsightIQ: Versions prior to 5.1.1.
- Dell Data Lakehouse: Versions prior to 1.2.0.0.
Updated versions of these products have been released, and Dell strongly advises customers to upgrade to the latest versions immediately. For detailed guidance, refer to Dell’s support resources, including KB Article 000231116.
Given the critical severity of these vulnerabilities, organizations are urged to prioritize patching their systems.