DSA-2021-173: Dell EMC VxFlex Ready Node Security Update for Multiple Vulnerabilities

Oversigt: Dell EMC VxFlex Ready Node contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

Denne artikel gælder for Denne artikel gælder ikke for Denne artikel er ikke knyttet til et bestemt produkt. Det er ikke alle produktversioner, der er identificeret i denne artikel.
Udforsk andre ressourcer

Virkning

High

Oplysninger

Component CVE(s) More information
Intel BIOS for VxFlex 14G nodes (R640\R740xd\R840) CVE-2020-24511  
CVE-2020-12358
CVE-2020-12360
CVE-2020-24486
Dell EMC iDRAC for 14G VxFlex Ready nodes (R640\R740xd\R840) CVE-2021-21576  
CVE-2021-21577 
CVE-2021-21578 
CVE-2021-21579 
CVE-2021-21580 
CVE-2021-36301
CVE-2021-21581
CVE-2021-36299
Dell EMC iDRAC for 13G ScaleIO Ready nodes (R630\R730xd) CVE-2021-21580  
CVE-2021-36301
VMWare ESXi CVE-2021-21994 Workaround: See VMware article KB1025757
CVE-2021-21995 Workaround: See VMware articleKB76372
Component CVE(s) More information
Intel BIOS for VxFlex 14G nodes (R640\R740xd\R840) CVE-2020-24511  
CVE-2020-12358
CVE-2020-12360
CVE-2020-24486
Dell EMC iDRAC for 14G VxFlex Ready nodes (R640\R740xd\R840) CVE-2021-21576  
CVE-2021-21577 
CVE-2021-21578 
CVE-2021-21579 
CVE-2021-21580 
CVE-2021-36301
CVE-2021-21581
CVE-2021-36299
Dell EMC iDRAC for 13G ScaleIO Ready nodes (R630\R730xd) CVE-2021-21580  
CVE-2021-36301
VMWare ESXi CVE-2021-21994 Workaround: See VMware article KB1025757
CVE-2021-21995 Workaround: See VMware articleKB76372
Dell Technologies anbefaler, at alle kunder tager hensyn til både CVSS-basisresultatet og alle relevante tidsmæssige og miljømæssige resultater, som kan have betydning for den potentielle alvorsgrad, der er forbundet med en bestemt sikkerhedsrisiko.

Berørte produkter og udbedring

CVE(s) Addressed Product Affected Version(s) Updated Version(s) Link to Update
CVE-2020-24511 Dell EMC VxFlex Ready Node(14G) 14G nodes: R640, R740xd & R840 Firmware matrix prior to DTK and OME packages from December 2020
 		 DTK and OME packages from June 2021 or later Dell EMC VxFlex Ready Node firmware update tools:
VxFlex Ready Node Drivers & Downloads

File(s) Name Registered Dell EMC Online Support customers can download the Dell EMC VxFlex Ready Node update at: VxFlex Ready Node Drivers & Downloads

 
CVE-2020-12358
CVE-2020-12360
CVE-2020-24486
CVE-2021-21576
CVE-2021-21577 
CVE-2021-21578 
CVE-2021-21579 
CVE-2021-21580 
CVE-2021-36301
CVE-2021-21581
CVE-2021-36299
CVE-2021-21580  DELL EMC ScaleIO Ready Node (13G) 13G nodes: R630, R730xd
Firmware matrix prior to DTK and OME packages from June 2021
 		 DTK and OME packages from June 2021 or later Dell EMC VxFlex Ready Node firmware update tools: ScaleIO Ready Node-PowerEdge 13G Drivers & Downloads

File(s) Name: Registered Dell EMC Online Support customers can download the Dell EMC VxFlex Ready Node update at: VxFlex Ready Node Drivers & Downloads
CVE-2021-36301
CVE-2020-24511 Dell EMC VxFlex Ready Node AMS managed Nodes 13G nodes: R630, R730xd
14G nodes: R640, R740xd & R840		 Automated Upgrade AMS release with this firmware is Part of 3.0.1.6 release.
Note: iDRAC upgrade is done manually post upgrade
CVE-2020-12358
CVE-2020-12360
CVE-2020-24486
CVE-2021-21576
CVE-2021-21577 
CVE-2021-21578 
CVE-2021-21579 
CVE-2021-21580 
CVE-2021-36301
CVE-2021-21581
CVE-2021-36299
CVE-2021-21994 Dell EMC VxFlex Ready Node OS matrix 7.0 1d and below
6.7 EP18 and below
6.5 EP23 and below		 ESXi 7.0 Update 2a
ESXi 6.7 P05
 		 May 2021
Note: ESXi 6.5 was removed from VxFlex Ready Node OS matrix since June 2021
CVE-2021-21995
CVE(s) Addressed Product Affected Version(s) Updated Version(s) Link to Update
CVE-2020-24511 Dell EMC VxFlex Ready Node(14G) 14G nodes: R640, R740xd & R840 Firmware matrix prior to DTK and OME packages from December 2020
 		 DTK and OME packages from June 2021 or later Dell EMC VxFlex Ready Node firmware update tools:
VxFlex Ready Node Drivers & Downloads

File(s) Name Registered Dell EMC Online Support customers can download the Dell EMC VxFlex Ready Node update at: VxFlex Ready Node Drivers & Downloads

 
CVE-2020-12358
CVE-2020-12360
CVE-2020-24486
CVE-2021-21576
CVE-2021-21577 
CVE-2021-21578 
CVE-2021-21579 
CVE-2021-21580 
CVE-2021-36301
CVE-2021-21581
CVE-2021-36299
CVE-2021-21580  DELL EMC ScaleIO Ready Node (13G) 13G nodes: R630, R730xd
Firmware matrix prior to DTK and OME packages from June 2021
 		 DTK and OME packages from June 2021 or later Dell EMC VxFlex Ready Node firmware update tools: ScaleIO Ready Node-PowerEdge 13G Drivers & Downloads

File(s) Name: Registered Dell EMC Online Support customers can download the Dell EMC VxFlex Ready Node update at: VxFlex Ready Node Drivers & Downloads
CVE-2021-36301
CVE-2020-24511 Dell EMC VxFlex Ready Node AMS managed Nodes 13G nodes: R630, R730xd
14G nodes: R640, R740xd & R840		 Automated Upgrade AMS release with this firmware is Part of 3.0.1.6 release.
Note: iDRAC upgrade is done manually post upgrade
CVE-2020-12358
CVE-2020-12360
CVE-2020-24486
CVE-2021-21576
CVE-2021-21577 
CVE-2021-21578 
CVE-2021-21579 
CVE-2021-21580 
CVE-2021-36301
CVE-2021-21581
CVE-2021-36299
CVE-2021-21994 Dell EMC VxFlex Ready Node OS matrix 7.0 1d and below
6.7 EP18 and below
6.5 EP23 and below		 ESXi 7.0 Update 2a
ESXi 6.7 P05
 		 May 2021
Note: ESXi 6.5 was removed from VxFlex Ready Node OS matrix since June 2021
CVE-2021-21995

Løsninger og afhjælpninger

Revisionshistorik

RevisionDateDescription
1.02021-10-26Initial Release

Relaterede oplysninger

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Ansvarsfraskrivelse

Berørte produkter

iDRAC9, VxFlex Ready Nodes, Product Security Information, VxFlex Ready Node, ScaleIO Ready Node-PowerEdge 13G, VxFlex Ready Node R640, VxFlex Ready Node R740xd, VxFlex Ready Node R840
Artikelegenskaber
Artikelnummer: 000192818
Artikeltype: Dell Security Advisory
Senest ændret: 26 okt. 2021
Find svar på dine spørgsmål fra andre Dell-brugere
Supportservices
Kontrollér, om din enhed er dækket af supportservices.