CVE-2024-37143
CVSS 3.1 Score 10.0 of 10 (high)
Details
Summary
CVE-2024-37143 is a newly disclosed vulnerability affecting various Dell products. Affected versions of Dell PowerFlex appliances, PowerFlex rack systems, PowerFlex Manager, Dell InsightIQ, and Dell Data Lakehouse all contain an Improper Link Resolution Before File Access issue. This vulnerability allows an unauthenticated attacker with remote access to potentially execute arbitrary code on these systems, making them a significant security risk. Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom nodes using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 are all vulnerable to this attack. It is highly recommended that users of these Dell products upgrade to the latest versions as soon as possible to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.