Full Report
Dell security advisory (AV26-263)
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in Dell Networking, Data Protection, and Gateway Products (AV26-263)
## CVE Details
*Note: The primary advisory (AV26-263) summarizes three separate Dell security advisories (DSA). Specific CVEs tied to the underlying third-party components (Apache Tomcat, rsync, and various 3rd party libs) are detailed within the individual DSAs.*
- **CVE ID:** Multiple (Including Apache Tomcat and rsync related CVEs)
- **CVSS Score:** Ranges from Medium to High (specific scores vary by component)
- **CWE:** Multiple (Including improper input validation and resource management)
## Affected Systems
- **Products:**
  - Dell Policy Manager for Secure Connect Gateway (Appliance)
  - Dell NetWorker
  - Dell PowerSwitch Z9664F-ON
- **Versions:**
  - **Policy Manager:** Versions prior to 5.32.00.18
  - **NetWorker:** Version 19.14 and versions 19.9 through 19.13.0.2
  - **PowerSwitch Z9664F-ON:** Versions prior to 3.54.5.1-11
- **Configurations:** Systems utilizing default third-party components (Apache Tomcat, rsync) within these environments.
## Vulnerability Description
These vulnerabilities stem from the integration of outdated or vulnerable third-party components within Dell products:
1. **NetWorker:** Vulnerable versions of Apache Tomcat are integrated, which may allow for unauthorized access or denial-of-service.
2. **PowerSwitch:** Vulnerabilities in the `rsync` utility used within the networking OS.
3. **Secure Connect Gateway:** Multiple critical third-party library vulnerabilities impacting the Policy Manager appliance.
## Exploitation
- **Status:** Not exploited (No reported "in the wild" exploitation mentioned in the advisory; however, these are known third-party vulnerabilities).
- **Complexity:** Low to Medium
- **Attack Vector:** Network
## Impact
- **Confidentiality:** Moderate to High
- **Integrity:** Moderate to High
- **Availability:** Moderate to High
## Remediation
### Patches
Dell recommends upgrading to the following versions or higher:
- **Dell Policy Manager for Secure Connect Gateway:** Upgrade to version **5.32.00.18**.
- **Dell NetWorker:** Apply updates specified in **DSA-2026-057**.
- **Dell PowerSwitch Z9664F-ON:** Upgrade to version **3.54.5.1-11**.
### Workarounds
- No specific workarounds are provided in the high-level advisory. General best practices include restricting network access to management interfaces and disabling unused services (e.g., rsync) where applicable.
## Detection
- **Indicators of Compromise:** Unusual activity in Apache Tomcat logs; unexpected rsync processes or network traffic on management ports.
- **Detection methods and tools:** Vulnerability scanners (Nessus, Qualys, etc.) can be used to identify the version strings of the affected Dell products and the underlying Tomcat/rsync versions.
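
The version ranges under "Affected Systems" can be checked directly against an asset inventory. The following is an added example, not code from Dell or the advisory. It assumes the inventory yields `(host, product, version)` tuples, that a `-NN` build suffix sorts as a final numeric component, and that every 19.14.x NetWorker build is flagged, because the fixed build is named only in DSA-2026-057.

```python
import re

def key(version, width=6):
    """'3.54.5.1-11' -> (3, 54, 5, 1, 11, 0); zero-padded so 19.14 == 19.14.0.0."""
    parts = re.split(r"[.-]", version.strip())
    if len(parts) > width or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts) + (0,) * (width - len(parts))

# Affected ranges as listed under "Affected Systems" in this advisory summary.
AFFECTED = {
    "dell policy manager for secure connect gateway":
        lambda v: v < key("5.32.00.18"),
    # Assumption: any 19.14.x build is flagged for review against DSA-2026-057.
    "dell networker":
        lambda v: key("19.9") <= v <= key("19.13.0.2") or v[:2] == (19, 14),
    "dell powerswitch z9664f-on":
        lambda v: v < key("3.54.5.1-11"),
}

def status(product, version):
    """Classify one inventory entry against the advisory's version ranges."""
    rule = AFFECTED.get(product.strip().lower())
    if rule is None:
        return "not-in-advisory"
    try:
        return "affected" if rule(key(version)) else "not-listed"
    except ValueError:
        return "unparseable"  # surface for manual review, never pass silently

def triage(inventory):
    """Return (host, product, version, status) for every inventory row."""
    return [(h, p, v, status(p, v)) for h, p, v in inventory]

# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE = [
    ("bkp-01", "Dell NetWorker", "19.12.0.4"),
    ("bkp-02", "Dell NetWorker", "19.13.0.3"),
    ("sw-core-1", "Dell PowerSwitch Z9664F-ON", "3.54.5.1-10"),
    ("scg-pm", "Dell Policy Manager for Secure Connect Gateway", "5.32.00.18"),
    ("sw-edge-9", "Dell PowerSwitch Z9664F-ON", "unknown"),
]

if __name__ == "__main__":
    for host, product, version, result in triage(SAMPLE):
        print(f"{host:10} {product:48} {version:12} {result}")
```

Entries reported as `unparseable` or `not-in-advisory` still need a manual check against the individual DSAs.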
## References
- **Vendor Advisories:**
  - hxxps[://]www[.]dell[.]com/support/kbdoc/en-ca/000440823/dsa-2026-057-security-update-for-dell-networker-apache-tomcat-vulnerabilities
  - hxxps[://]www[.]dell[.]com/support/kbdoc/en-ca/000441046/dsa-2026-140-security-update-for-dell-networking-products-for-rsync-vulnerabilities
  - hxxps[://]www[.]dell[.]com/support/kbdoc/en-ca/000441138/dsa-2026-120-security-update-for-dell-secure-connect-gateway-policy-manager-multiple-third-party-component-vulnerabilities
- **General Resource:** hxxps[://]www[.]dell[.]com/support/security/en-ca