DSA-2024-090: Security Update for Dell PowerScale OneFS for Multiple Security Vulnerabilities

Summary: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities in node firmware that could be exploited by malicious users to compromise the affected system.

Επηρεαζόμενα προϊόντα και αποκατάσταση

Επηρεαζόμενα προϊόντα

Αυτό το άρθρο ισχύει για Αυτό το άρθρο δεν ισχύει για Αυτό το άρθρο δεν συνδέεται με κάποιο συγκεκριμένο προϊόν. Δεν προσδιορίζονται όλες οι εκδόσεις προϊόντων σε αυτό το άρθρο.

Δείτε άλλους πόρους

Impact

Critical

Details

Third-Party Component	CVEs	More Information
Dell PowerEdge BIOS	CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2022-36763, CVE-2022-36764, CVE-2023-32460, CVE-2024-0172	DSA-2023-357, DSA-2023-361, DSA-2024-035, INTEL-SA-00828, INTEL-SA-00813

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Επηρεαζόμενα προϊόντα και αποκατάσταση

CVEs	Product	Software/Firmware	Affected versions	Remediated Versions	Link
CVE-2022-36763, CVE-2022-36764	Isilon A200	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764	Isilon A2000	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764, CVE-2022-40982	PowerScale Archive A300	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764, CVE-2022-40982	PowerScale Archive A3000	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764	Isilon H400	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764	Isilon H500	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764	Isilon H600	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764	Isilon H5600	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764, CVE-2022-40982	PowerScale Hybrid H700	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764, CVE-2022-40982	PowerScale Hybrid H7000	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172	PowerScale B100	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172	PowerScale F200	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172	PowerScale F600	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764,	Isilon F800	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172	PowerScale F900	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172	PowerScale P100	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area

CVEs	Product	Software/Firmware	Affected versions	Remediated Versions	Link
CVE-2022-36763, CVE-2022-36764	Isilon A200	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764	Isilon A2000	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764, CVE-2022-40982	PowerScale Archive A300	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764, CVE-2022-40982	PowerScale Archive A3000	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764	Isilon H400	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764	Isilon H500	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764	Isilon H600	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764	Isilon H5600	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764, CVE-2022-40982	PowerScale Hybrid H700	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764, CVE-2022-40982	PowerScale Hybrid H7000	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172	PowerScale B100	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172	PowerScale F200	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172	PowerScale F600	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764,	Isilon F800	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172	PowerScale F900	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172	PowerScale P100	PowerScale Node Firmware Package	Versions prior to 12.1	Version 12.1 or later	PowerScale OneFS Downloads Area

To identify which nodes require upgrading, please refer to the firmware assessment report. For instructions on completing the assessment and report, please refer to the "Run a firmware assessment" section in PowerScale Node Firmware Package 12.1 Release Notes (dell.com).

Due to the NFP installation issue with parallel upgrade, customers are advised not to perform parallel upgrades.

Λύσεις και μετριασμοί

CVE	Workaround/Mitigations
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237	The critical CVEs are only applicable to PowerScale platforms with iDRAC, that have been configured to use PXE boot.

Revision History

Revision	Date	Description
1.0	2024-03-04	Initial Release
2.0	2024-04-10	Added CVE-2024-0172 to the DSA
3.0	2024-04-12	Updated for enhanced presentation with no changes to content

Related Information

Νομική αποποίηση ευθύνης

Επηρεαζόμενα προϊόντα

PowerScale, Isilon A200, Isilon A2000, Isilon H400, Isilon H500, Isilon H5600, Isilon H600, PowerScale OneFS, PowerScale Archive A300, PowerScale Archive A3000, PowerScale B100, PowerScale F200, PowerScale F210, PowerScale F600, PowerScale F710 , PowerScale F900, PowerScale Hybrid H700, PowerScale Hybrid H7000, PowerScale P100 ...

Προϊόντα

PowerScale OneFS

Article Number: 000222692

Article Type: Dell Security Advisory

Τελευταία τροποποίηση: 19 Σεπ 2025

Ελέγξτε αν η συσκευή σας καλύπτεται από τις Υπηρεσίες υποστήριξης.

DSA-2024-090: Security Update for Dell PowerScale OneFS for Multiple Security Vulnerabilities

Summary: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities in node firmware that could be exploited by malicious users to compromise the affected system.

Impact

Details

Επηρεαζόμενα προϊόντα και αποκατάσταση

Λύσεις και μετριασμοί

Revision History

Σχετικές πληροφορίες

Νομική αποποίηση ευθύνης

Επηρεαζόμενα προϊόντα

Impact

Details

Επηρεαζόμενα προϊόντα και αποκατάσταση

Λύσεις και μετριασμοί

Revision History

Related Information

Νομική αποποίηση ευθύνης

Επηρεαζόμενα προϊόντα

Προϊόντα

Ιδιότητες άρθρου

Βρείτε απαντήσεις στις ερωτήσεις σας από άλλους χρήστες της Dell

Υπηρεσίες υποστήριξης

Ιδιότητες άρθρου

Βρείτε απαντήσεις στις ερωτήσεις σας από άλλους χρήστες της Dell

Υπηρεσίες υποστήριξης

DSA-2024-090: Security Update for Dell PowerScale OneFS for Multiple Security Vulnerabilities

Summary: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities in node firmware that could be exploited by malicious users to compromise the affected system.

Λεπτομερές άρθρο

Impact

Details

Επηρεαζόμενα προϊόντα και αποκατάσταση

Λύσεις και μετριασμοί

Revision History

Related Information

Νομική αποποίηση ευθύνης

Επηρεαζόμενα προϊόντα

Προϊόντα

Ιδιότητες άρθρου

Βρείτε απαντήσεις στις ερωτήσεις σας από άλλους χρήστες της Dell

Υπηρεσίες υποστήριξης

Ιδιότητες άρθρου

Βρείτε απαντήσεις στις ερωτήσεις σας από άλλους χρήστες της Dell

Υπηρεσίες υποστήριξης