Dell security advisory (AV26-554)
# Vulnerability: Multiple Vulnerabilities in Dell Private Cloud, PowerSwitch, Automation Platform, and VxRail
## CVE Details
- **CVE ID:** Multiple (The advisory refers to cumulative updates addressing various third-party and component-specific vulnerabilities, including AMI MegaRAC SPx13 flaws).
- **CVSS Score:** Varies by component; typical scores for these bundles range from **7.5 to 10.0** (High to Critical).
- **CWE:** Varies (Includes Improper Input Validation and vulnerabilities in third-party libraries).
## Affected Systems
- **Products:**
  - Dell Private Cloud - VMware
  - PowerSwitch Z9864F-ON
  - Dell Automation Platform
  - Dell VxRail Appliance
- **Versions:**
  - Dell Private Cloud - VMware: Versions prior to 01.04.00.00
  - PowerSwitch Z9864F-ON: Versions prior to v3.5.0
  - Dell Automation Platform: Versions prior to 2.1.0.0
  - Dell VxRail Appliance: Versions prior to 8.0.390
- **Configurations:** Systems utilizing integrated Dell Remote Access Controller (iDRAC) or BMCs based on AMI MegaRAC SPx13.
## Vulnerability Description
These advisories address a collection of security flaws across several Dell infrastructure products. Key technical issues include:
1. **Third-Party Component Vulnerabilities:** Security gaps within integrated VMware components and other bundled software libraries.
2. **AMI MegaRAC SPx13 Flaws:** Specifically affecting PowerSwitch hardware, these involve vulnerabilities in the Baseboard Management Controller (BMC) firmware, which could allow unauthorized access or remote code execution.
## Exploitation
- **Status:** Not currently reported as exploited in the wild; PoC may exist for underlying third-party components (e.g., AMI MegaRAC or common libraries).
- **Complexity:** Medium to Low (depending on specific CVE).
- **Attack Vector:** Network (primarily).
## Impact
- **Confidentiality:** High (Potential for unauthorized data access).
- **Integrity:** High (Potential for system settings modification or code execution).
- **Availability:** High (Potential for Denial of Service or system bricking).
## Remediation
### Patches
Dell recommends updating to the following versions or later:
- **Dell Private Cloud - VMware:** v01.04.00.00
- **PowerSwitch Z9864F-ON:** v3.5.0
- **Dell Automation Platform:** v2.1.0.0
- **Dell VxRail Appliance:** v8.0.390
### Workarounds
- Isolate Management Networks: Ensure that iDRAC and BMC management interfaces are on a separate, firewalled VLAN and not accessible from the public internet.
- Restrict access to trusted administrators only.
## Detection
- **Indicators of Compromise:** Unusual administrative logins to BMC/iDRAC interfaces, unauthorized configuration changes, or unexpected system reboots.
- **Detection methods and tools:** Use vulnerability scanners to check for outdated firmware versions and audit logs for the affected management controllers.
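
One way to run the outdated-version check described above against an exported inventory, as an added example that is not Dell's tooling or part of the advisory. The fixed versions are taken from the Patches section; the hostnames, installed versions and the `(host, product, version)` inventory format are constructed assumptions.

```python
import re

# Minimum fixed versions as listed in this advisory's Patches section.
FIXED = {
    "Dell Private Cloud - VMware": "01.04.00.00",
    "PowerSwitch Z9864F-ON": "3.5.0",
    "Dell Automation Platform": "2.1.0.0",
    "Dell VxRail Appliance": "8.0.390",
}

def parse_version(text):
    """Turn 'v3.5.0' or '01.04.00.00' into a tuple of ints; None if unparseable."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))

def is_vulnerable(product, installed):
    """True if installed < fixed, False if patched, None if it cannot be decided."""
    fixed = FIXED.get(product)
    have = parse_version(installed)
    if fixed is None or have is None:
        return None
    need = parse_version(fixed)
    # Pad the shorter tuple with zeros so '3.5' compares equal to '3.5.0'.
    width = max(len(have), len(need))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(have) < pad(need)

def audit(inventory):
    """Return (host, product, installed, status) rows for an inventory list."""
    labels = {True: "UPDATE", False: "ok", None: "REVIEW"}
    return [(h, p, v, labels[is_vulnerable(p, v)]) for h, p, v in inventory]

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = [
    ("sw-core-01", "PowerSwitch Z9864F-ON", "v3.4.2"),
    ("sw-core-02", "PowerSwitch Z9864F-ON", "3.5"),
    ("vxrail-a", "Dell VxRail Appliance", "8.0.380"),
    ("dap-01", "Dell Automation Platform", "2.1.0.0"),
    ("dpc-01", "Dell Private Cloud - VMware", "1.3.0.0"),
    ("bmc-lab", "Dell VxRail Appliance", "unknown"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("{:<12} {:<30} {:<10} {}".format(*row))
```

Rows marked `REVIEW` have a version string the parser could not read or a product not covered by this advisory, and need a manual check rather than being treated as patched.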
## References
- **Dell Advisory DSA-2026-242:** hxxps[://]www[.]dell[.]com/support/kbdoc/en-ca/000472451/dsa-2026-242
- **Dell Advisory DSA-2026-252:** hxxps[://]www[.]dell[.]com/support/kbdoc/en-ca/000472774/dsa-2026-252
- **Dell Advisory DSA-2026-244:** hxxps[://]www[.]dell[.]com/support/kbdoc/en-ca/000473583/dsa-2026-244
- **Dell Advisory DSA-2026-245:** hxxps[://]www[.]dell[.]com/support/kbdoc/en-ca/000473635/dsa-2026-245
- **Canadian Centre for Cyber Security:** hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/dell-security-advisory-av26-554