CVE-2024-37143

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published Dec 10, 2024
CWE ID 59

Summary

CVE-2024-37143 is a newly disclosed vulnerability affecting various Dell products. Affected versions of Dell PowerFlex appliances, PowerFlex rack systems, PowerFlex Manager, Dell InsightIQ, and Dell Data Lakehouse all contain an Improper Link Resolution Before File Access issue. This vulnerability allows an unauthenticated attacker with remote access to potentially execute arbitrary code on these systems, making them a significant security risk. Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom nodes using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 are all vulnerable to this attack. It is highly recommended that users of these Dell products upgrade to the latest versions as soon as possible to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share