CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-37143

CVSS 10.0v3.1pub. 2024-12-10upd. 2026-01-22

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Improper Link Resolution Before File Access vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system.

🤖 AI Analysis
How it works

The vulnerability consists of improper link resolution before file access — an attacker can manipulate symbolic links or system links in such a way that the system executes or overwrites files in unintended locations. The exploit is possible remotely, without any authentication, making the attack vector exceptionally dangerous. As a result, an attacker can achieve arbitrary code execution (RCE) from the network.

Impact

An attacker can remotely execute arbitrary code on a vulnerable system without authentication, potentially resulting in complete system takeover, breach of data confidentiality and integrity, and disruption of service availability.

Mitigation & patch

Products must be immediately updated to the following versions: Dell PowerFlex Appliance to IC 46.381.00 or IC 46.376.00, Dell PowerFlex Rack to RCM 3.8.1.0 (3.8.x line) or RCM 3.7.6.0 (3.7.x line), Dell PowerFlex Manager to 4.6.1.0, Dell InsightIQ to 5.1.1, Dell Data Lakehouse to 1.2.0.0. Detailed instructions are available in DSA-2024-405 message on Dell Support website.

Who is affected

Dell PowerFlex Appliance versions before IC 46.381.00 and IC 46.376.00; Dell PowerFlex Rack versions before RCM 3.8.1.0 (3.8.x line) and before RCM 3.7.6.0 (3.7.x line); Dell PowerFlex Manager (custom node) versions before 4.6.1.0; Dell InsightIQ versions before 5.1.1; Dell Data Lakehouse versions before 1.2.0.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Dell Data Lakehouse

    APP
    Dell
    < 1.2.0.0
  • Dell Insightiq

    APP
    Dell
    < 5.1.1
  • Dell Powerflex Appliance Intelligent Catalog

    APP
    Dell
    < 46.376.00
  • Dell Powerflex Manager

    APP
    Dell
    < 4.6.1.0
  • Dell Powerflex Rack Release Certification Matrix

    APP
    Dell
    3.7.0.0 – 3.7.6.0 (bez)3.8.0.0 – 3.8.1.0 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEAuth Bypass
CWE
References

Related vulnerabilities

CVE-2025-46608CRITICAL9.1PL ✓ten sam produkt

Nieprawidłowa kontrola dostępu w Dell Data Lakehouse — Elevation of Privileges

CVE-2026-22283HIGH7.5ten sam produkt

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Inclusion of Functionality from Untrusted C...

CVE-2026-35065HIGH8.8ten sam produkt

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Missing Authentication for Critical Function...

CVE-2026-32804HIGH8.1ten sam produkt

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerability. An u...

CVE-2026-35066HIGH7.1ten sam produkt

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A lo...