Dell response to the Ripple20 vulnerabilities


Dell response to the Ripple20 vulnerabilities


CVE IDs field: CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914


Issue Summary

Dell is aware of the Treck, Inc vulnerabilities referred to as "Ripple20." The security of our products is critical to helping ensure our customers’ data and systems are protected. We are working to understand possible impact. If impacted, security updates or mitigations will be communicated at https://www.dell.com/support/security as they become available and will be linked into this notice.

Please refer to the following resources for additional information regarding the impact of these vulnerabilities on Dell and Dell EMC products.

Dell and Dell EMC security advisories and impact statements

Dell EMC Servers

Dell EMC Servers are not impacted by the vulnerabilities existing in the Treck TCP/IP Stack referred to as "Ripple20".

Dell Client Platforms

Dell has released updates for multiple vulnerabilities existing in the Treck TCP/IP Stack referred to as "Ripple20" in an Intel component (INTEL-SA-00295) used within Dell Client Platforms. Customers can review the Dell Security Advisory (DSA-2020-143) for affected products, versions and additional information.

Dell has released updates for multiple vulnerabilities existing in the Treck TCP/IP Stack referred to as "Ripple20" in Teradici firmware and remote workstation cards used within Dell Precision platforms and Dell Wyse Zero Client products. Customers can review the Dell Security Advisory (DSA-2020-150) for affected products, versions and additional information.

We encourage customers to update their systems to the latest firmware versions as soon as possible. If we discover any other products are impacted, we will communicate security updates or mitigations here as they become available.


Dell EMC Data Protection

Dell EMC Data Protection products are not impacted by the vulnerabilities existing in the Treck TCP/IP stack referred to as "Ripple20".


Dell EMC Networking

Dell EMC Networking products are not impacted by the vulnerabilities existing in the Treck TCP/IP Stack referred to as "Ripple20".

Dell EMC Storage

With the exception of the Dell EMC PowerFlex Rack products still under review, Dell EMC Storage products are not impacted by the vulnerabilities existing in the Treck TCP/IP Stack referred to as "Ripple20".

This statement will be updated as the remaining, outstanding impact assessments are completed.


Dell Converged Infrastructure and Hyperconverged Infrastructure

Dell Converged Infrastructure and Hyperconverged Infrastructure products are under review.







Article ID: SLN321836

Last Date Modified: 09/01/2020 02:43 PM

Rate this article

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\
characters left.