Dell security advisory (AV26-366)
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in Dell PowerEdge, Connectrix, and Management Software
## CVE Details
*Note: Due to the high-level nature of the Canadian Centre for Cyber Security (CCCS) summary, specific CVE identifiers and granular CVSS scores are delegated to individual Dell Security Advisories (DSAs).*
- **CVE ID:** Multiple (See DSA references)
- **CVSS Score:** Varies by product (High to Critical based on vendor bulletins)
- **CWE:** Multiple (Including Improper Access Control and Installation vulnerabilities)
## Affected Systems
- **Products & Versions:**
  - **Dell AMD-based PowerEdge Servers:** Multiple models and versions.
  - **Connectrix Switches and Directors:** Multiple versions (specifically B-Series SANnav).
  - **Dell Command | Update:** Versions prior to 5.7.0.
  - **Dell PowerProtect Data Domain:** Multiple versions and models.
  - **Dell Storage Manager (Replay Manager for Microsoft Servers):** Versions prior to 8.0.3.
## Vulnerability Description
This advisory covers a suite of security flaws across Dell's enterprise hardware and software ecosystem. Key technical issues include:
- **Revenera InstallShield Vulnerability:** Affecting Dell Command | Update, involving flaws in the installation/update engine.
- **Hardware/Firmware Vulnerabilities:** Specific to AMD-based PowerEdge server architectures.
- **Management Software Flaws:** Vulnerabilities in SANnav and Replay Manager that could allow unauthorized access or system compromise.
## Exploitation
- **Status:** Not currently reported as exploited in the wild; PoC status varies by specific CVE.
- **Complexity:** Generally Low to Medium.
- **Attack Vector:** Primarily Network and Local.
## Impact
- **Confidentiality:** High (Potential for unauthorized data access)
- **Integrity:** High (Potential for unauthorized system modification)
- **Availability:** High (Potential for Denial of Service or system instability)
## Remediation
### Patches
Dell recommends updating to the following versions or higher:
- **Dell Command | Update:** Upgrade to version **5.7.0** or later.
- **Dell Storage Manager (Replay Manager):** Upgrade to version **8.0.3** or later.
- **Other Products:** Refer to specific DSA links below for firmware and software microcode updates.
### Workarounds
- Implement strict Network Segmentation for management interfaces (Connectrix, SANnav).
- Limit local administrative privileges to prevent exploitation of InstallShield vulnerabilities.
## Detection
- **Indicators of Compromise:** Monitor for unusual administrative login attempts on PowerProtect and Connectrix interfaces.
- **Detection Methods:** Vulnerability scanners (Nessus, Qualys) should be updated to check for outdated Dell firmware versions and software build numbers mentioned above.
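
Where a scanner plugin is not yet available, the two fixed versions stated above can be checked against a software inventory export. The following is an added example, not code from Dell or the CCCS advisory; the CSV layout, hostnames, and product name strings are constructed assumptions, and only the thresholds 5.7.0 and 8.0.3 come from this page.

```python
import csv
import io
import re

# Fixed versions from the Remediation section; keys are assumed name substrings.
FIXED_VERSIONS = {
    "dell command | update": (5, 7, 0),
    "replay manager": (8, 0, 3),
}

# Constructed sample inventory export (hosts and versions are made up).
SAMPLE_INVENTORY = """host,product,version
ws-001,Dell Command | Update,5.4.0
ws-003,Dell Command | Update,5.10.1
srv-010,Replay Manager for Microsoft Servers,8.0.2.1
srv-011,Replay Manager for Microsoft Servers,8.0.3
srv-012,Replay Manager for Microsoft Servers,unknown
ws-004,Some Other Tool,1.0
"""

def parse_version(text):
    # Accept only dotted-numeric strings; anything else returns None.
    m = re.fullmatch(r"\d+(\.\d+)*", text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.group().split("."))

def is_below(version, fixed):
    # Numeric comparison with zero padding, so 5.10.1 is not "below" 5.7.0.
    width = max(len(version), len(fixed))
    return version + (0,) * (width - len(version)) < fixed + (0,) * (width - len(fixed))

def triage(inventory_csv):
    # Return (host, product, version, status) for products with a stated fix.
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        name = row["product"].lower()
        fixed = next((v for k, v in FIXED_VERSIONS.items() if k in name), None)
        if fixed is None:
            continue  # no fixed version stated on this page for this product
        ver = parse_version(row["version"])
        # An unparsable version is flagged for manual review, never passed.
        status = ("UNKNOWN" if ver is None
                  else "VULNERABLE" if is_below(ver, fixed) else "OK")
        findings.append((row["host"], row["product"], row["version"], status))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print("{:8} {:38} {:9} {}".format(*finding))
```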
## References
- **DSA-2026-041 (PowerEdge):** hxxps[://]www[.]dell[.]com/support/kbdoc/en-ca/000452216/dsa-2026-041
- **DSA-2026-171 (Connectrix):** hxxps[://]www[.]dell[.]com/support/kbdoc/en-ca/000453015/dsa-2026-171
- **DSA-2026-058 (Storage Manager):** hxxps[://]www[.]dell[.]com/support/kbdoc/en-ca/000453020/dsa-2026-058
- **DSA-2026-190 (Command | Update):** hxxps[://]www[.]dell[.]com/support/kbdoc/en-ca/000451008/dsa-2026-190
- **Dell Security Portal:** hxxps[://]www[.]dell[.]com/support/security/en-ca