Article Number: 000221129
High
This remediation is only applicable if Dell iDRAC Service Module (iSM) for Windows is installed in a custom location other than C:\Program Files\Dell\SysMgt.
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
---|---|---|---|
CVE-2024-22428 | Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity. | 7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
---|---|---|---|---|---|
CVE-2024-22428 | iDRAC Service Module | iSM 5.2.0.0 and prior | iSM 5.2.0.0 and prior | iSM 5.3.0.0, A00 | iDRAC Service Module Release Build for Windows, v5.3.0.0 |
CVE-2024-22428 | iDRAC Service Module | iSM 5.2.0.0 and prior | iSM 5.2.0.0 and prior | iSM 5.2.0.0, A00 | iDRAC Service Module Release Build for Windows, v5.2.0.0 |
CVE-2024-22428 | iDRAC Service Module | iSM 5.2.0.0 and prior | iSM 5.2.0.0 and prior | iSM 5.1.0.0, A00 | iDRAC Service Module Release Build for Windows, v5.1.0.0 |
The hotfix is only applicable to hosts running Microsoft Windows Server and Client operating systems.
This patch is only applicable if Dell iDRAC Service Module (iSM) is installed in a custom location other than the default path: “C:\Program Files\Dell\SysMgt\”
CVE ID | Workaround and Mitigation |
---|---|
CVE-2024-22428 | Install iSM at default location |
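An added example, not part of Dell's advisory or tooling: a PowerShell check that reports whether a given iSM install directory lies outside the default path and lists the allow ACEs that give non-administrative principals write-type access to it. The script name, the `-InstallPath` parameter, the trusted-SID list, and the reading of "Incorrect Default Permissions" as a writable install-directory ACL are assumptions.

```powershell
# Added example (not Dell tooling). Usage: .\Test-IsmInstallAcl.ps1 -InstallPath 'D:\Apps\iSM'
# The script name and -InstallPath are hypothetical; the advisory gives no discovery method.
param([Parameter(Mandatory)][string]$InstallPath)

$DefaultPath = 'C:\Program Files\Dell\SysMgt'   # default location named in the advisory
$full = [IO.Path]::GetFullPath($InstallPath).TrimEnd('\')
$cmp  = [StringComparison]::OrdinalIgnoreCase
$isCustom = -not ($full.Equals($DefaultPath, $cmp) -or $full.StartsWith("$DefaultPath\", $cmp))

# Assumption: principals expected to hold write access on a service install directory.
$TrustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-3-0',        # CREATOR OWNER (placeholder ACE, applies to child objects only)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Write-type bits only, so a ReadAndExecute ACE does not match by sharing read bits.
$WriteBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear unmapped in inheritable ACEs.
$Mask = $WriteBits -bor 0x50000000

$findings = foreach ($ace in (Get-Acl -LiteralPath $full).Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if (([int]$ace.FileSystemRights -band $Mask) -eq 0) { continue }
    try {
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $sid = $ace.IdentityReference.Value   # unresolvable account: report it as-is
    }
    if ($TrustedSids -contains $sid) { continue }
    [pscustomobject]@{
        Path      = $full
        Identity  = $ace.IdentityReference.Value
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited
    }
}

if (-not $isCustom) {
    Write-Output "Default location: the advisory's custom-path condition does not apply to $full."
} elseif ($findings) {
    Write-Output "Custom location with write access for non-administrative principals:"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "Custom location, no write-type ACEs for non-administrative principals on $full."
}
```

The check reads only the ACL of the top-level directory; subdirectories with inheritance disabled would need the same test applied to each of them.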
Revision | Date | Description |
---|---|---|
1.0 | 2024-01-15 | Initial Release. |
2.0 | 2024-01-16 | Changes to formatting without content changes. |
3.0 | 2024-01-18 | Updated the "Affected Versions" to read 5.2.0.0. |
4.0 | 2024-01-30 | Updated the additional info field to highlight this only applies to specific OSes. |
5.0 | 2024-02-07 | Added specific links to hotfix and full download for Windows. |
6.0 | 2024-02-12 | Minor formatting changes and URL link spelling update. |
7.0 | 2024-02-13 | Formatting update without content changes. |
8.0 | 2024-02-16 | Added specific language targeted at Linux-based and ESXi versions of iSM. |
9.0 | 2024-02-16 | Formatting changes without content changes. |
10.0 | 2024-03-07 | Multiple content updates: Summary, additional details, remediation table. |
07 Mar 2024
9
Dell Security Advisory