PT-2024-9245 · Dell · Dell Data Lakehouse+4
Published: 2024-03-06 · Updated: 2026-01-22
CVE-2024-37143
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00
Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train)
Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0
Dell InsightIQ versions prior to 5.1.1
Dell Data Lakehouse versions prior to 1.2.0.0
Description:
The affected products contain an Improper Link Resolution Before File Access vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system.
Recommendations:
For Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, update to IC 46.381.00 or later, or IC 46.376.00 or later.
For Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train), update to RCM 3.8.1.0 or later.
For Dell PowerFlex rack versions prior to RCM 3.7.6.0 (for RCM 3.7.x train), update to RCM 3.7.6.0 or later.
For Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, update to version 4.6.1.0 or later.
For Dell InsightIQ versions prior to 5.1.1, update to version 5.1.1 or later.
For Dell Data Lakehouse versions prior to 1.2.0.0, update to version 1.2.0.0 or later.
Fix
Link Following
Affected Products
Dell Data Lakehouse
Dell InsightIQ
Dell PowerFlex Appliance
Dell PowerFlex Custom Node
Dell PowerFlex Rack