
Article Number: 000199050


DSA-2022-021: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for Multiple Vulnerabilities

Summary: Dell Unity, Dell UnityVSA, and Dell Unity XT remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

Proprietary Code CVEs

CVE-2022-29084
Description: Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere UI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users.
CVSS Base Score: 8.1
CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-29085
Description: Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
CVSS Base Score: 6.4
CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2022-22564
Description: Dell Unity versions before 5.2.0.0.5.173 use broken cryptographic algorithms. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks to obtain sensitive information.
CVSS Base Score: 5.9
CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Third-party Component CVEs

Aide: CVE-2021-45417. More Information: See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
Apache2: CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943
Apache-tomcat: CVE-2021-25122, CVE-2021-25329, CVE-2021-30639, CVE-2021-30640, CVE-2021-33037, CVE-2021-41079, CVE-2021-42340
Avahi: CVE-2021-3468
cyrus-sasl: CVE-2022-24407
Dell BSAFE™ Micro Edition Suite: CVE-2020-5359, CVE-2020-5360. More Information: See Dell KB article 181098: DSA-2020-114: Dell BSAFE Micro Edition Suite Multiple Security Vulnerabilities for individual scores for each CVE.
Docker, containerd, runc: CVE-2021-30465, CVE-2021-32760, CVE-2021-41089, CVE-2021-41091, CVE-2021-41092, CVE-2021-41103. More Information: See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
Expat: CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-23990, CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315
Glibc: CVE-2021-33574, CVE-2021-35942
json-c: CVE-2020-12762
Kernel: CVE-2021-40490
Libesmtp: CVE-2019-19977
net-snmp: CVE-2018-18065, CVE-2020-15862
OpenSSL (Unisphere UI): CVE-2022-0778
p11-kit: CVE-2020-29361
Polkit: CVE-2021-4034
python3: CVE-2021-3426, CVE-2021-3733, CVE-2021-3737
sqlite3: CVE-2015-3414, CVE-2015-3415, CVE-2019-19244, CVE-2019-19317, CVE-2019-19603, CVE-2019-19645, CVE-2019-19646, CVE-2019-19880, CVE-2019-19923, CVE-2019-19924, CVE-2019-19925, CVE-2019-19926, CVE-2019-19959, CVE-2019-20218, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358, CVE-2020-9327
Tcpdump: CVE-2018-16301
tiff: CVE-2017-17095, CVE-2019-17546, CVE-2020-19131, CVE-2020-35521, CVE-2020-35522, CVE-2020-35523, CVE-2020-35524, CVE-2022-22844
ucode-intel: CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, CVE-2020-24513, CVE-2021-0127, CVE-2021-0145, CVE-2021-0146, CVE-2021-33120
Vim: CVE-2021-3778, CVE-2021-3796, CVE-2021-3872, CVE-2021-3927, CVE-2021-3928, CVE-2021-3984, CVE-2021-4019, CVE-2021-4193, CVE-2021-46059, CVE-2022-0319, CVE-2022-0351, CVE-2022-0361, CVE-2022-0413
xerces-s: CVE-2018-1311

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product: Dell Unity Operating Environment (OE)
Affected Versions: Before 5.2.0.0.5.173
Updated Versions: 5.2.0.0.5.173
Link to Update: https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers

Product: Dell UnityVSA Operating Environment (OE)
Affected Versions: Before 5.2.0.0.5.173
Updated Versions: 5.2.0.0.5.173

Product: Dell Unity XT Operating Environment (OE)
Affected Versions: Before 5.2.0.0.5.173
Updated Versions: 5.2.0.0.5.173

Revision History

Revision 1.0, 2022-04-29: Initial Release
Revision 2.0, 2023-02-14: Added CVE-2022-22564 to Details Section.


Article Properties


Affected Product

Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600

Product

Product Security Information, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F

Last Published Date

14 Feb 2023

Version

2

Article Type

Dell Security Advisory