Advisory No: TZCERT/SA/2024/07/26-5
Date of First Release: 26th July 2024
Source: Dell
Software Affected: Dell EMC, Dell Protection Advisor, Dell VxRail, Dell RecoverPoint
Overview:
Dell products are vulnerable to multiple critical vulnerabilities. Exploitation of these vulnerabilities may allow attackers to execute arbitrary code on affected devices.
Description:
Multiple third-party components running on Dell EMC Avamar, Dell Protection Advisor, and Dell VxRail, Dell RecoverPoint are vulnerable to critical vulnerabilities. The vulnerabilities in these components may be exploited by the attackers to compromise the affected system.
Impact:
Successful exploitation of these vulnerabilities may allow the attackers to take control of the affected system.
Solution:
Dell has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.
References:
- https://www.dell.com/support/kbdoc/en-us/000180921/dsa-2020-266-dell-emc-avamar-security-update-for-multiple-components
- https://www.dell.com/support/kbdoc/en-us/000227136/dsa-2024-053-security-update-for-data-protection-advisor-multiple-third-party-component-vulnerabilities
- https://www.dell.com/support/kbdoc/en-us/000226716/dsa-2024-288-security-update-for-dell-vxrail-7-0-521-multiple-third-party-component-vulnerabilities
- https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities