CVE-2024-37143
published 2024-12-10

CVE-2024-37143: Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to…

Priority: P265
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.77% (50.9th percentile)
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Improper Link Resolution Before File Access vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system.

Affected

13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | data_lakehouse | < 1.2.0.0 | 1.2.0.0 |
| dell | dell_data_lakehouse | >= N/A < 1.2.0.0 | 1.2.0.0 |
| dell | dell_insightiq | >= N/A < 5.1.1 | 5.1.1 |
| dell | dell_powerflex_appliance | >= N/A < 46.381.00 | 46.381.00 |
| dell | dell_powerflex_appliance | >= N/A < 46.376.00 | 46.376.00 |
| dell | dell_powerflex_custom_node | >= N/A < 4.6.1.0 | 4.6.1.0 |
| dell | dell_powerflex_rack | >= N/A < 3.8.1.0 | 3.8.1.0 |
| dell | dell_powerflex_rack | >= N/A < 3.7.6.0 | 3.7.6.0 |
| dell | insightiq | < 5.1.1 | 5.1.1 |
| dell | powerflex_appliance_intelligent_catalog | < 46.376.00 | 46.376.00 |
| dell | powerflex_manager | < 4.6.1.0 | 4.6.1.0 |
| dell | powerflex_rack_release_certification_matrix | >= 3.7.0.0 < 3.7.6.0 | 3.7.6.0 |
| dell | powerflex_rack_release_certification_matrix | >= 3.8.0.0 < 3.8.1.0 | 3.8.1.0 |