Dell Product Security Update Advisory (CVE-2024-25943)

Overview

 

Dell has released updates to fix vulnerabilities in its products. Users of affected versions are advised to update to the latest version.

Affected Products

 

CVE-2024-25943

  • iDRAC9 Generation 14: versions prior to 7.00.00.172
  • iDRAC9 Generation 15 and 16: versions prior to 7.10.50.00

Resolved Vulnerabilities

Session hijacking vulnerability that could allow arbitrary code execution (CVE-2024-25943)

 

Vulnerability Patches

Patches for this vulnerability are available in the latest update. Follow the instructions on the Referenced Sites to update to the patched version listed below or later.

CVE-2024-25943

  • iDRAC9 Generation 14: version 7.00.00.172 or later
  • iDRAC9 Generation 15 and 16: version 7.10.50.00 or later

Referenced Sites

[1] CVE-2024-25943 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-25943

[2] DSA-2024-099: Security Update for Dell iDRAC9 IPMI session Vulnerability

https://www.dell.com/support/kbdoc/en-us/000226503/dsa-2024-099-security-update-for-dell-idrac9-ipmi-session-vulnerability

Article Link: Dell Product Security Update Advisory (CVE-2024-25943) – ASEC