CVE-2024-37144
First published: Tue Dec 10 2024(Updated: )
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Insecure Storage of Sensitive Information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use information disclosed to gain unauthorized access to pods within the cluster.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell PowerFlex appliance | <IC 46.381.00<IC 46.376.00 | |
| Dell PowerFlex 755 | <RCM 3.8.1.0<RCM 3.7.6.0 | |
| Dell PowerFlex Manager | <4.6.1.0 | |
| Dell Isilon InsightIQ | <5.1.1 | |
| Dell Data Lakehouse | <1.2.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-37144?
CVE-2024-37144 is considered a critical vulnerability that could lead to unauthorized access.
How do I fix CVE-2024-37144?
To fix CVE-2024-37144, update your Dell PowerFlex appliance to versions IC 46.381.00 or IC 46.376.00.
Which products are affected by CVE-2024-37144?
CVE-2024-37144 affects Dell PowerFlex appliance, PowerFlex rack, PowerFlex Manager, InsightIQ, and Data Lakehouse versions prior to their specified updates.
Are there specific versions of PowerFlex Manager that are vulnerable in CVE-2024-37144?
Yes, PowerFlex Manager versions prior to 4.6.1.0 are vulnerable to CVE-2024-37144.
Is there a way to check if my Dell products are vulnerable to CVE-2024-37144?
You can check the version of your affected Dell products against the specified non-vulnerable versions to determine if they are impacted by CVE-2024-37144.
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/author
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/dell
- canonical/dell powerflex appliance
- canonical/dell powerflex 755
- canonical/dell powerflex manager
- canonical/dell isilon insightiq
- canonical/dell data lakehouse