Article Number: 000184747

DSA-2021-065: Dell PowerFlex rack Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell PowerFlex rack remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content

Impact

Critical

Details

Third-Party Component	CVE(s)	More information
vCenter Server	CVE-2021-21972	https://www.vmware.com/security/advisories/VMSA-2021-0002.html
vCenter Server	CVE-2021-21973
VMware ESXi	CVE-2021-21974
Embedded OS	CVE-2020-14372	Grub2 vulnerabilities: https://access.redhat.com/errata/RHSA-2021:0701?sc_cid=701600000006NHXAA2
	CVE-2020-25632
	CVE-2020-25647
	CVE-2020-27749
	CVE-2020-27779
	CVE-2021-20225
	CVE-2021-20233
Cisco Nexus	CVE-2021-1361	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3000-9000-fileaction-QtLzDRy2
Cisco Nexus	CVE-2020-1971	https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw93970

Third-Party Component	CVE(s)	More information
vCenter Server	CVE-2021-21972	https://www.vmware.com/security/advisories/VMSA-2021-0002.html
vCenter Server	CVE-2021-21973
VMware ESXi	CVE-2021-21974
Embedded OS	CVE-2020-14372	Grub2 vulnerabilities: https://access.redhat.com/errata/RHSA-2021:0701?sc_cid=701600000006NHXAA2
	CVE-2020-25632
	CVE-2020-25647
	CVE-2020-27749
	CVE-2020-27779
	CVE-2021-20225
	CVE-2021-20233
Cisco Nexus	CVE-2021-1361	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3000-9000-fileaction-QtLzDRy2
Cisco Nexus	CVE-2020-1971	https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw93970

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs	Product	Affected RCM Versions	Updated RCM Versions	Link to Update
CVE-2021-1361	PowerFlex rack	Versions prior to 3.3.9.2 Versions prior to 3.4.4.2 Versions prior to 3.5.4.2	3.3.9.2 3.4.4.2 3.5.4.2	For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home. For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2020-1971	PowerFlex rack	Versions prior to 3.3.9.2	Upgrade to RCM versions below.
CVE-2020-1971	PowerFlex rack	Versions prior to 3.4.4.2 Versions prior to 3.5.4.2	3.4.4.2 3.5.4.2	For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home. For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2021-21972	PowerFlex rack	Versions prior to 3.3.9.2 Versions prior to 3.4.4.2 Versions prior to 3.5.4.2	3.3.9.2 3.4.4.2 3.5.4.2	For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home. For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2021-21973
CVE-2021-21974
CVE-2020-14372
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2021-20225
CVE-2021-20233

CVEs	Product	Affected RCM Versions	Updated RCM Versions	Link to Update
CVE-2021-1361	PowerFlex rack	Versions prior to 3.3.9.2 Versions prior to 3.4.4.2 Versions prior to 3.5.4.2	3.3.9.2 3.4.4.2 3.5.4.2	For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home. For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2020-1971	PowerFlex rack	Versions prior to 3.3.9.2	Upgrade to RCM versions below.
CVE-2020-1971	PowerFlex rack	Versions prior to 3.4.4.2 Versions prior to 3.5.4.2	3.4.4.2 3.5.4.2	For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home. For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2021-21972	PowerFlex rack	Versions prior to 3.3.9.2 Versions prior to 3.4.4.2 Versions prior to 3.5.4.2	3.3.9.2 3.4.4.2 3.5.4.2	For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home. For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2021-21973
CVE-2021-21974
CVE-2020-14372
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2021-20225
CVE-2021-20233

Revision History

Revision	Date	Description
1.0	2021-3-30	Initial Release

DSA-2021-065: Dell PowerFlex rack Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell PowerFlex rack remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Product

Last Published Date

Version

Article Type

Welcome

Welcome to Dell

DSA-2021-065: Dell PowerFlex rack Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell PowerFlex rack remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content

Impact

Details

Affected Products and Remediation

Revision History

Related Information

Legal Information

Article Properties

Affected Product

Product

Last Published Date

Version

Article Type