DSA-2022-147: DELL EMC PowerFlex 15G-Based Custom Node, 14G-Based VxFlex Ready Node, and 13G-Based ScaleIO Ready Node Security Update for iDRAC-Based Vulnerabilities

Summary: Remediation is available for iDRAC security vulnerabilities that may be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

High

Details

Component CVEs More Information
iDRAC CVE-2022-24423 Dell article 198064, DSA-2022-069: Dell iDRAC8 Security Update for a Denial of Service Vulnerability
CVE-2022-0778 Dell article 200644, DSA-2022-154: Dell iDRAC8 and Dell iDRAC9 Security Update for an OpenSSL Vulnerability
Component CVEs More Information
iDRAC CVE-2022-24423 Dell article 198064, DSA-2022-069: Dell iDRAC8 Security Update for a Denial of Service Vulnerability
CVE-2022-0778 Dell article 200644, DSA-2022-154: Dell iDRAC8 and Dell iDRAC9 Security Update for an OpenSSL Vulnerability
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-0778 R650 and R750 Custom Node iDRAC versions before 5.10.30.00 5.10.30.00 Downloads (in case of upgrade using OME)
Documents (in case of manual upgrade)
CVE-2022-0778 R640, R740, and R840 VxFlex Ready Node iDRAC versions before 5.10.30.00 5.10.30.00 Downloads (in case of upgrade using OME)
Documents (in case of manual upgrade)
CVE-2022-0778 R630 and R730xd ScaleIO Ready Node  iDRAC versions before 2.83.83.83 2.83.83.83 Downloads (in case of upgrade using OME)
Documents (in case of manual upgrade)
CVE-2022-24423
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-0778 R650 and R750 Custom Node iDRAC versions before 5.10.30.00 5.10.30.00 Downloads (in case of upgrade using OME)
Documents (in case of manual upgrade)
CVE-2022-0778 R640, R740, and R840 VxFlex Ready Node iDRAC versions before 5.10.30.00 5.10.30.00 Downloads (in case of upgrade using OME)
Documents (in case of manual upgrade)
CVE-2022-0778 R630 and R730xd ScaleIO Ready Node  iDRAC versions before 2.83.83.83 2.83.83.83 Downloads (in case of upgrade using OME)
Documents (in case of manual upgrade)
CVE-2022-24423

Revision History

RevisionDateDescription
1.02022-06-22Initial release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

VxFlex Ready Nodes, PowerFlex custom node, ScaleIO, PowerFlex custom node, PowerFlex custom node R650, PowerFlex custom node R750, Product Security Information, VxFlex Ready Node, VxFlex Ready Node R640, VxFlex Ready Node R740xd, Ready Node Series , VxFlex Ready Node R840 ...
Article Properties
Article Number: 000200861
Article Type: Dell Security Advisory
Last Modified: 22 Jun 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.