WARNING: MULTIPLE CRITICAL AND HIGH VULNERABILITIES PATCHED BY DELL IN POWERFLEX, POWER MANAGER, INSIGHTIQ, AND DATA LAKEHOUSE, PATCH IMMEDIATELY!

Published : 10/12/2024

Reference:
Advisory #2024-287

Version:
1.0

Affected software:
Dell Data Lakehouse: version 1.2.0.0
Dell InsightIQ: version 5.1.1
Dell Power Manager (DPM): version 3.17
Dell PowerFlex appliance: versions IC 46.381.00 and IC 46.376.00
Dell PowerFlex custom node using PowerFlex Manager: version 4.6.1.0
Dell PowerFlex rack: versions RCM 3.8.1.0 (for RCM 3.8.x train) and RCM 3.7.6.0 (for RCM 3.7.x train)

Type:
Remote Code Execution (RCE) and multiple types

CVE/CVSS:
CVE-2024-37143: CVSS 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVE-2024-37144: CVSS 8.2 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
CVE-2024-49600: CVSS 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Sources

Dell:

Risks

  • Dell PowerFlex is a software-defined storage (SDS) platform that combines compute and storage resources for high performance and scalability for demanding workloads (databases, analytics, cloud-native applications).
  • Dell InsightIQ is a performance monitoring and analytics tool designed to optimize the efficiency of Dell storage systems, such as PowerScale and Isilon, by providing detailed insights into storage usage and system performance.
  • Dell Data Lakehouse is a modern data architecture that combines the scalability of data lakes with the performance and management features of data warehouses, enabling unified analytics across structured and unstructured data.
  • Dell Power Manager is a software tool that allows users to optimize power consumption, battery life, and thermal management on supported Dell laptops and desktops.

CVE-2024-37143 is a critical vulnerability with a CVSS score of 10.0. CVE-2024-37144 is rated 8.2 (high severity) and CVE-2024-49600 is rated 7.8 (high severity). All three vulnerabilities have a high impact on confidentiality, integrity and availability (the CIA triad). The attack vector of the critical one (CVE-2024-37143) is network, while the attack vector of the two high vulnerabilities is local. No user interaction is required for any of these vulnerabilities to be exploited.

Description

CVE-2024-37143: An unauthenticated attacker with no privileges can exploit an improper link resolution before file access weakness to achieve Remote Code Execution (RCE).
CVE-2024-37144: An attacker can gain unauthorized local access to a high-privilege user account because sensitive information is stored insecurely.
CVE-2024-49600: An attacker in the local network can elevate the privileges of a compromised user account and execute code.

Vendor advisory: https://www.dell.com/support/kbdoc/en-us/000258342/dsa-2024-405-security-update-for-dell-products-for-multiple-vulnerabilities and https://www.dell.com/support/kbdoc/en-us/000244438/dsa-2024-439

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Please update to the following versions:

  • Dell PowerFlex appliance: version IC 46.381.00 or IC 46.376.00 or later
  • Dell PowerFlex rack: version RCM 3.8.1.0 (for RCM 3.8.x train) or RCM 3.7.6.0 (for RCM 3.7.x train) or later
  • Dell PowerFlex custom node using PowerFlex Manager: version 4.6.1.0 or later
  • Dell InsightIQ: version 5.1.1 or later
  • Dell Data Lakehouse: version 1.2.0.0 or later
  • Dell Power Manager (DPM): version 3.17 or later

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

MITRE - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37143

CVE Feed - https://cvefeed.io/vuln/detail/CVE-2024-37144

NIST NVD - https://nvd.nist.gov/vuln/detail/CVE-2024-49600