Impact
High
Details
| Third-party Component |
CVE(s) |
More information |
| Intel |
CVE-2020-0545 |
2020.1 IPU |
| CVE-2020-0548 |
| CVE-2020-0549 |
| VMware ESXi 6.5 |
CVE-2020-3955 |
VMSA-2020-0008 |
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at
http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at
http://web.nvd.nist.gov/view/vuln/search.
| Third-party Component |
CVE(s) |
More information |
| Intel |
CVE-2020-0545 |
2020.1 IPU |
| CVE-2020-0548 |
| CVE-2020-0549 |
| VMware ESXi 6.5 |
CVE-2020-3955 |
VMSA-2020-0008 |
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at
http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at
http://web.nvd.nist.gov/view/vuln/search.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products and Remediation
Affected Products:
Dell EMC PowerFlex rack versions prior to 3.3.8.0
Dell EMC PowerFlex rack versions prior to 3.4.3.0
Dell EMC PowerFlex rack version 3.5.2.1 and earlier
Remediation:
The following Dell EMC PowerFlex rack releases contain a resolution to these vulnerabilities:
- Dell EMC PowerFlex rack 3.3.8.0
- Dell EMC PowerFlex rack 3.4.3.0
The above RCM contains:
- VMware ESXi 6.5 patches to address Stored Cross-Site Scripting (XSS) vulnerability - 6.5 Update 3 Patch 04 (Build 15256549) for VMware vulnerability under VMSA-2020-0008
- Dell server BIOS version 2.6.4 to address CVE-2020-0545, CVE-2020-0548, CVE-2020-0549 for Intel vulnerabilities under Intel INTEL-SA-00329, Intel-SA-0295
For Dell EMC PowerFlex rack 3.5.x, the DSA will be updated when 3.5.3.1 becomes available.
Dell EMC recommends all customers upgrade at the earliest opportunity.
For RCM release information:
For RCM download:
Affected Products:
Dell EMC PowerFlex rack versions prior to 3.3.8.0
Dell EMC PowerFlex rack versions prior to 3.4.3.0
Dell EMC PowerFlex rack version 3.5.2.1 and earlier
Remediation:
The following Dell EMC PowerFlex rack releases contain a resolution to these vulnerabilities:
- Dell EMC PowerFlex rack 3.3.8.0
- Dell EMC PowerFlex rack 3.4.3.0
The above RCM contains:
- VMware ESXi 6.5 patches to address Stored Cross-Site Scripting (XSS) vulnerability - 6.5 Update 3 Patch 04 (Build 15256549) for VMware vulnerability under VMSA-2020-0008
- Dell server BIOS version 2.6.4 to address CVE-2020-0545, CVE-2020-0548, CVE-2020-0549 for Intel vulnerabilities under Intel INTEL-SA-00329, Intel-SA-0295
For Dell EMC PowerFlex rack 3.5.x, the DSA will be updated when 3.5.3.1 becomes available.
Dell EMC recommends all customers upgrade at the earliest opportunity.
For RCM release information:
For RCM download:
Workarounds and Mitigations
None.
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
PowerFlex rack, Product Security Information, PowerFlex Software, VxFlex Product Family