Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Article Number: 000194836


DSA-2021-271: Dell EMC Unity, Dell EMC Unity VSA, and Dell EMC Unity XT Security Update for Multiple Vulnerabilities

Summary: Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

Article Content


Impact

Critical

Details

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-43589 Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege. 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
 
Third-party Component CVEs More Information
bind  CVE-2021-25214           See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
 
CVE-2021-25215
curl CVE-2021-22876
CVE-2021-22898
dhcp CVE-2021-25217
git CVE-2021-21300
glib2 CVE-2021-27218
CVE-2021-27219
glibc CVE-2019-25013
CVE-2020-29573
CVE-2020-27618
CVE-2020-29562
CVE-2021-3326
gnutls CVE-2021-20231
CVE-2021-20232
libnettle CVE-2021-20305
libX11 CVE-2021-31535
lz4 CVE-2021-3520
mgetty CVE-2018-16741
CVE-2018-16742
CVE-2018-16743
CVE-2018-16744
CVE-2018-16745
mozilla-nspr CVE-2021-23981
CVE-2021-23982
CVE-2021-23984
CVE-2021-23987
nghttp2 CVE-2020-11080
open-iscsi CVE-2020-17437
CVE-2020-17438
CVE-2020-13987
CVE-2020-13988
openldap2 CVE-2020-36221
CVE-2020-36222
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36226
CVE-2020-36227
CVE-2020-36228
CVE-2020-36229
CVE-2020-36230
CVE-2021-27212
openssl (Unisphere UI) CVE-2021-3712
openssl (NAS Server) CVE-2021-23840
polkit CVE-2021-3560
postgresql10 CVE-2020-25695
CVE-2020-25694
CVE-2020-25696
CVE-2021-32027
CVE-2021-32028
python-tk CVE-2021-3177
CVE-2019-20916
sudo CVE-2021-3156
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-43589 Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege. 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
 
Third-party Component CVEs More Information
bind  CVE-2021-25214           See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
 
CVE-2021-25215
curl CVE-2021-22876
CVE-2021-22898
dhcp CVE-2021-25217
git CVE-2021-21300
glib2 CVE-2021-27218
CVE-2021-27219
glibc CVE-2019-25013
CVE-2020-29573
CVE-2020-27618
CVE-2020-29562
CVE-2021-3326
gnutls CVE-2021-20231
CVE-2021-20232
libnettle CVE-2021-20305
libX11 CVE-2021-31535
lz4 CVE-2021-3520
mgetty CVE-2018-16741
CVE-2018-16742
CVE-2018-16743
CVE-2018-16744
CVE-2018-16745
mozilla-nspr CVE-2021-23981
CVE-2021-23982
CVE-2021-23984
CVE-2021-23987
nghttp2 CVE-2020-11080
open-iscsi CVE-2020-17437
CVE-2020-17438
CVE-2020-13987
CVE-2020-13988
openldap2 CVE-2020-36221
CVE-2020-36222
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36226
CVE-2020-36227
CVE-2020-36228
CVE-2020-36229
CVE-2020-36230
CVE-2021-27212
openssl (Unisphere UI) CVE-2021-3712
openssl (NAS Server) CVE-2021-23840
polkit CVE-2021-3560
postgresql10 CVE-2020-25695
CVE-2020-25694
CVE-2020-25696
CVE-2021-32027
CVE-2021-32028
python-tk CVE-2021-3177
CVE-2019-20916
sudo CVE-2021-3156
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed Products Affected Versions Updated Versions Link to Update
All of the above Dell EMC Unity Operating Environment (OE) Before 5.1.2.0.5.007 5.1.2.0.5.007 https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers
Dell EMC UnityVSA Operating Environment (OE) Before 5.1.2.0.5.007 5.1.2.0.5.007
Dell EMC Unity XT Operating Environment (OE) Before 5.1.2.0.5.007 5.1.2.0.5.007
CVEs Addressed Products Affected Versions Updated Versions Link to Update
All of the above Dell EMC Unity Operating Environment (OE) Before 5.1.2.0.5.007 5.1.2.0.5.007 https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers
Dell EMC UnityVSA Operating Environment (OE) Before 5.1.2.0.5.007 5.1.2.0.5.007
Dell EMC Unity XT Operating Environment (OE) Before 5.1.2.0.5.007 5.1.2.0.5.007

Workarounds and Mitigations

None.

Revision History

RevisionDateMore Information
1.02021-12-29Initial Release
1.12022-01-05Minor update to CVE Identifier field. 

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product
Dell EMC Unity, Product Security Information, Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity XT 480 , Dell EMC Unity XT 480F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, Dell EMC Unity Family, Dell EMC UnityVSA Professional Edition/Unity Cloud Edition ...
Last Published Date

06 Jan 2022

Version

4

Article Type

Dell Security Advisory