DSA-2023-114 : Security Update for Dell Avamar Data Store Gen5a Vulnerabilities

Summary: Dell Avamar Data Store Gen5a remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Third-party Component CVEs More Information
OpenSSL CVE-2023-0215, CVE-2022-4450, CVE-2023-0286, CVE-2022-4304 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
 
EDK2 CVE-2021-38578 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
 
PowerEdge Server BIOS
CVE-2023-25537		 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
 
iDRAC9 CVE-2022-44640 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Intel BIOS Firmware CVE-2022-32231, CVE-2022-26343 INTEL-SA-00717This hyperlink is taking you to a website outside of Dell Technologies.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed Product Software/Firmware Affected Versions Remediated Versions Link
CVE-2023-0215, CVE-2022-4450, CVE-2023-0286, CVE-2022-4304, CVE-2021-38578, CVE-2023-25537, CVE-2022-44640, CVE-2022-32231, CVE-2022-26343 Dell Avamar Data Store Gen5a PowerEdge Server BIOS Dell Avamar Data Store Gen5a with BIOS version prior to 2.18.1 Dell Avamar Data Store Gen5a May 2023 firmware with BIOS version 2.18.1 Customers should contact Dell support to install the Firmware release: https://www.dell.com/support/home
CVEs Addressed Product Software/Firmware Affected Versions Remediated Versions Link
CVE-2023-0215, CVE-2022-4450, CVE-2023-0286, CVE-2022-4304, CVE-2021-38578, CVE-2023-25537, CVE-2022-44640, CVE-2022-32231, CVE-2022-26343 Dell Avamar Data Store Gen5a PowerEdge Server BIOS Dell Avamar Data Store Gen5a with BIOS version prior to 2.18.1 Dell Avamar Data Store Gen5a May 2023 firmware with BIOS version 2.18.1 Customers should contact Dell support to install the Firmware release: https://www.dell.com/support/home
1. Certain old BIOS firmware versions may fail to upgrade:
  • Attempting to update BIOS version 2.4.8 to 2.18.1 is known to fail.
  • Attempting to update BIOS version 2.9.4 to 2.18.1 is known to fail.
2. Remedy:
  • If the BIOS version is lower than 2.12.2, then contact Dell Customer Support to apply the “September 2021 firmware block AVP(Gen5SepBlk333476.avp)”, before attempting to update to the May 2023 firmware block release.
  • To know the BIOS version, run the following command as admin/root user in the Avamar console.
    • “omreport system version”

Revision History

RevisionDateDescription
1.02023-09-26Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Avamar, Avamar, Avamar Data Store, Avamar Data Store Gen5A, Avamar Server, Product Security Information
Article Properties
Article Number: 000218008
Article Type: Dell Security Advisory
Last Modified: 09 Sept 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.