DSA-2021-094: Dell ECS Security Update for Multiple Third-Party Component Vulnerabilities
Summary: Dell ECS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Medium
Details
Third-Party Component |
CVEs | More information |
| OpenSSL | CVE-2020-1971 | NVD - CVE-2020-1971 |
| Dell iDRAC9 | CVE-2021-21539 | |
| CVE-2021-21540 | ||
| CVE-2021-21541 | ||
| CVE-2021-21542 | ||
| CVE-2021-21543 | ||
| CVE-2021-21544 |
Third-Party Component |
CVEs | More information |
| OpenSSL | CVE-2020-1971 | NVD - CVE-2020-1971 |
| Dell iDRAC9 | CVE-2021-21539 | |
| CVE-2021-21540 | ||
| CVE-2021-21541 | ||
| CVE-2021-21542 | ||
| CVE-2021-21543 | ||
| CVE-2021-21544 |
Affected Products & Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2020-1971 | Dell ECS | Versions prior to 3.6.1.1 | 3.6.1.1 | Link to update |
| CVE-2021-21539 | Dell ECS Appliance Hardware Gen3 EX300 ECS Appliance Hardware Gen3 EX500 iDRAC9 firmware |
Versions prior to 4.40.00.00 | 4.40.00.00 or later | Link to update |
| CVE-2021-21540 | ||||
| CVE-2021-21541 | ||||
| CVE-2021-21543 | ||||
| CVE-2021-21544 | ||||
| CVE-2021-21542 | Dell ECS Appliance Hardware Gen3 EX300 Dell ECS Appliance Hardware Gen3 EX500 Dell ECS Appliance Hardware Gen3 EXF900 iDRAC9 firmware |
Versions prior to 4.40.10.00 | 4.40.10.00 | Link to update |
NOTE:
Customers should open an “Operating Environment Upgrade” Service Request with the ECS Remote Proactive team and reference this DSA number along with the desired remediation action from the below:
- Customers below 3.6.1.1:
- Upgrade to ECS 3.6.1.1
- Apply iDRAC 4.40.10.00 Firmware Upgrade (Gen3 EX300/EX500/EXF900 HW Only)
- Customers on 3.6.1.1:
- Apply iDRAC 4.40.10.00 Firmware Upgrade (Gen3 Ex300/EX500/EXF900 HW Only)
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2020-1971 | Dell ECS | Versions prior to 3.6.1.1 | 3.6.1.1 | Link to update |
| CVE-2021-21539 | Dell ECS Appliance Hardware Gen3 EX300 ECS Appliance Hardware Gen3 EX500 iDRAC9 firmware |
Versions prior to 4.40.00.00 | 4.40.00.00 or later | Link to update |
| CVE-2021-21540 | ||||
| CVE-2021-21541 | ||||
| CVE-2021-21543 | ||||
| CVE-2021-21544 | ||||
| CVE-2021-21542 | Dell ECS Appliance Hardware Gen3 EX300 Dell ECS Appliance Hardware Gen3 EX500 Dell ECS Appliance Hardware Gen3 EXF900 iDRAC9 firmware |
Versions prior to 4.40.10.00 | 4.40.10.00 | Link to update |
NOTE:
Customers should open an “Operating Environment Upgrade” Service Request with the ECS Remote Proactive team and reference this DSA number along with the desired remediation action from the below:
- Customers below 3.6.1.1:
- Upgrade to ECS 3.6.1.1
- Apply iDRAC 4.40.10.00 Firmware Upgrade (Gen3 EX300/EX500/EXF900 HW Only)
- Customers on 3.6.1.1:
- Apply iDRAC 4.40.10.00 Firmware Upgrade (Gen3 Ex300/EX500/EXF900 HW Only)
Revision History
| Revision | Date | Description |
| 1.0 | 2021-06-08 | Initial Release |
Acknowledgements
Dell Technologies would like to thank Fabian Bräunlein and Tomasz Holeksa for reporting this issue.
Related Information
Legal Disclaimer
Affected Products
ECS Appliance Hardware Gen3 EX300, ECS Appliance Hardware Gen3 EX500, ECS Appliance Hardware Gen3 EXF900, Product Security InformationArticle Properties
Article Number: 000188058
Article Type: Dell Security Advisory
Last Modified: 18 Sept 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.