Dell ECS and ObjectScale Hard-Coded Cryptographic Key Vulnerability

Vulnerability

A vulnerability exists in Dell ECS versions prior to 3.8.1.5 and ObjectScale version 4.0.0.0, allowing an unauthenticated attacker with local access to exploit hard-coded cryptographic keys. This could lead to unauthorized access. The vulnerability affects only those ECS versions upgraded to 3.8.1.5 or ObjectScale versions upgraded to 4.0.0.0.

Impact

Exploitation could result in unauthorized access to the affected system.

Remediation

Users should upgrade to ECS version 3.8.1.5 or ObjectScale version 4.0.0.0, then rotate the SSH keys as documented in Dell Knowledge Base article 000339248.

Added: Aug 4, 2025, 7:29 PM
Updated: Aug 4, 2025, 7:29 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 5.0
exploitability: 3.5
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.