SecurityWeek

Dell, HPE, MediaTek Patch Vulnerabilities in Their Products

MediaTek, HPE and Dell release advisories to inform customers about potentially serious vulnerabilities found and patched in their products.

Hardware makers MediaTek, HPE and Dell on Monday released advisories to inform customers about potentially serious vulnerabilities found and patched in their products.

Taiwanese semiconductor company MediaTek announced patches for a dozen vulnerabilities, including a critical-severity flaw in the modem component of tens of chipsets that could lead to remote code execution (RCE).

Tracked as CVE-2024-20154, the issue is described as an out-of-bounds write that could be exploited when a device is connected to a rogue base station controlled by the attacker, without user interaction.

MediaTek’s advisory also details seven high-severity bugs that could lead to local escalation of privilege, or RCE if the attacker is adjacent to the vulnerable device.

Dell announced patches for a high-severity defect in its Update Package (DUP) Framework, tracked as CVE-2025-22395 and described as a local escalation of privilege issue that could enable the execution of arbitrary scripts, leading to denial-of-service (DoS) conditions. DUP framework version 22.01.02 resolves the vulnerability.

Additionally, the tech company released fixes for multiple products affected by CVE-2024-52316, an Apache Tomcat vulnerability disclosed in November 2024, which could lead to authentication bypass.

HPE announced patches for multiple flaws in third-party components used in its SAN switches running Brocade Fabric OS (FOS), including high- and medium-severity issues that could lead to escalation of privilege, remote command execution, authentication bypass, DoS, and arbitrary file creation or deletion.

The company’s advisory mentions ten security defects: two publicly disclosed in 2022, four disclosed in 2023, and four identified in 2024. All bugs were fixed in versions 9.2.2, 9.2.1a1, and 9.2.0c of the FOS firmware for HPE B-Series products.

Although none of the vendors mentions any of these vulnerabilities being exploited in attacks, users are advised to apply the patches as soon as possible.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
