DSA-2021-253: Dell EMC PowerFlex Rack Security Update for Multiple Third-Party Component Vulnerabilities
Summary: Dell EMC PowerFlex rack remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
| Component | CVEs | More information |
| vCenter Server | CVE-2021-21991 | VMSA-2021-0020 |
| CVE-2021-21992 | ||
| CVE-2021-21993 | ||
| CVE-2021-22005 | ||
| CVE-2021-22006 | ||
| CVE-2021-22007 | ||
| CVE-2021-22008 | ||
| CVE-2021-22009 | ||
| CVE-2021-22010 | ||
| CVE-2021-22011 | ||
| CVE-2021-22012 | ||
| CVE-2021-22013 | ||
| CVE-2021-22014 | ||
| CVE-2021-22015 | ||
| CVE-2021-22016 | ||
| CVE-2021-22017 | ||
| CVE-2021-22019 | ||
| CVE-2021-22020 | ||
| Dell Server BIOS Firmware | CVE-2019-14553 | KB article 191303: DSA-2021-176: Dell PowerEdge Server BIOS EDK II Vulnerability. |
| Cisco Switches | CVE-2021-34714 | cisco-sa-ios-nxos-xr-udld-dos-W5hGHgtQ |
| CVE-2021-1590 | cisco-sa-nxos-login-blockfor-RwjGVEcu | |
| CVE-2021-1588 | cisco-sa-nxos-mpls-oam-dos-sGO9x5GM | |
| CVE-2021-1587 | cisco-sa-nxos-ngoam-dos-LTDb9Hv | |
| CVE-2019-1858 | cisco-sa-20190515-nxos-snmp-dos | |
| CVE-2019-1735 | cisco-sa-20190515-nxos-cmdinj-1735 | |
| CVE-2019-1728 | cisco-sa-20190515-nxos-conf-bypass | |
| CVE-2019-1727 | cisco-sa-20190515-nxos-pyth-escal | |
| CVE-2019-1726 | cisco-sa-20190515-nxos-cli-bypass | |
| PowerFlex Manager | CVE-2021-36345 | |
| CVE-2004-2761 |
| Component | CVEs | More information |
| vCenter Server | CVE-2021-21991 | VMSA-2021-0020 |
| CVE-2021-21992 | ||
| CVE-2021-21993 | ||
| CVE-2021-22005 | ||
| CVE-2021-22006 | ||
| CVE-2021-22007 | ||
| CVE-2021-22008 | ||
| CVE-2021-22009 | ||
| CVE-2021-22010 | ||
| CVE-2021-22011 | ||
| CVE-2021-22012 | ||
| CVE-2021-22013 | ||
| CVE-2021-22014 | ||
| CVE-2021-22015 | ||
| CVE-2021-22016 | ||
| CVE-2021-22017 | ||
| CVE-2021-22019 | ||
| CVE-2021-22020 | ||
| Dell Server BIOS Firmware | CVE-2019-14553 | KB article 191303: DSA-2021-176: Dell PowerEdge Server BIOS EDK II Vulnerability. |
| Cisco Switches | CVE-2021-34714 | cisco-sa-ios-nxos-xr-udld-dos-W5hGHgtQ |
| CVE-2021-1590 | cisco-sa-nxos-login-blockfor-RwjGVEcu | |
| CVE-2021-1588 | cisco-sa-nxos-mpls-oam-dos-sGO9x5GM | |
| CVE-2021-1587 | cisco-sa-nxos-ngoam-dos-LTDb9Hv | |
| CVE-2019-1858 | cisco-sa-20190515-nxos-snmp-dos | |
| CVE-2019-1735 | cisco-sa-20190515-nxos-cmdinj-1735 | |
| CVE-2019-1728 | cisco-sa-20190515-nxos-conf-bypass | |
| CVE-2019-1727 | cisco-sa-20190515-nxos-pyth-escal | |
| CVE-2019-1726 | cisco-sa-20190515-nxos-cli-bypass | |
| PowerFlex Manager | CVE-2021-36345 | |
| CVE-2004-2761 |
Affected Products & Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Fix package included in RCM |
| CVE-2021-21991 | PowerFlex rack | Versions before 3.3.11.0 | 3.3.11.0 | 6.5 U3q (6.5.0.37000) 2021-09-21 18499837 |
| CVE-2021-21992 | Versions before 3.4.6.0 | 3.4.6.0 | 6.5 U3q Build number (18499837) | |
| CVE-2021-21993 | Versions before 3.5.6.0 | 3.5.6.0 | 6.7 Update 3o (6.7.0.50000)18485166 18485185 | |
| CVE-2021-22005 | ||||
| CVE-2021-22006 | ||||
| CVE-2021-22007 | ||||
| CVE-2021-22008 | ||||
| CVE-2021-22009 | ||||
| CVE-2021-22010 | ||||
| CVE-2021-22011 | ||||
| CVE-2021-22012 | ||||
| CVE-2021-22013 | ||||
| CVE-2021-22014 | ||||
| CVE-2021-22015 | ||||
| CVE-2021-22016 | ||||
| CVE-2021-22017 | ||||
| CVE-2021-22019 | ||||
| CVE-2021-22020 | ||||
| CVE-2019-14553 | PowerFlex rack | Versions before 3.3.11.0 | 3.3.11.0 | BIOS Firmware 14G 2.12.2 |
| Versions before 3.4.6.0 | 3.4.6.0 | BIOS Firmware 14G 2.12.2 | ||
| Versions before 3.5.6.0 | 3.5.6.0 | BIOS Firmware 14G 2.12.2 | ||
| CVE-2021-34714 | PowerFlex rack | Versions before 3.3.11.0 | 3.3.11.0 | Cisco Nexus OS 9.3(8) |
| CVE-2021-1590 | Versions before 3.4.6.0 | 3.4.6.0 | Cisco Nexus OS 9.3(8) | |
| CVE-2021-1588 | Versions before 3.5.6.0 | 3.5.6.0 | Cisco Nexus OS 9.3(8) | |
| CVE-2021-1587 | ||||
| CVE-2019-1858 | ||||
| CVE-2019-1735 | ||||
| CVE-2019-1728 | ||||
| CVE-2019-1727 | ||||
| CVE-2019-1726 | ||||
| CVE-2021-36345 | PowerFlex rack | Versions before 3.3.11.0 | 3.3.11.0 | PowerFlex Manager Version 3.8.0, Build 8173 |
| Versions before 3.4.6.0 | 3.4.6.0 | PowerFlex Manager Version 3.8.0, Build 8173 | ||
| Versions before 3.5.6.0 | 3.5.6.0 | PowerFlex Manager Version 3.8.0, Build 8173 | ||
| CVE-2004-2761 | PowerFlex rack | Versions before 3.3.11.0 | 3.3.11.0 | PowerFlex Manager Version 3.8.0, Build 8173 |
| Versions before 3.4.6.0 | 3.4.6.0 | PowerFlex Manager Version 3.8.0, Build 8173 | ||
| Versions before 3.5.6.0 | 3.5.6.0 | PowerFlex Manager Version 3.8.0, Build 8173 |
Links to update:
For RCM release information: https://cicodeportal.dell.com/#/home
For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
| CVEs Addressed | Product | Affected Versions | Updated Versions | Fix package included in RCM |
| CVE-2021-21991 | PowerFlex rack | Versions before 3.3.11.0 | 3.3.11.0 | 6.5 U3q (6.5.0.37000) 2021-09-21 18499837 |
| CVE-2021-21992 | Versions before 3.4.6.0 | 3.4.6.0 | 6.5 U3q Build number (18499837) | |
| CVE-2021-21993 | Versions before 3.5.6.0 | 3.5.6.0 | 6.7 Update 3o (6.7.0.50000)18485166 18485185 | |
| CVE-2021-22005 | ||||
| CVE-2021-22006 | ||||
| CVE-2021-22007 | ||||
| CVE-2021-22008 | ||||
| CVE-2021-22009 | ||||
| CVE-2021-22010 | ||||
| CVE-2021-22011 | ||||
| CVE-2021-22012 | ||||
| CVE-2021-22013 | ||||
| CVE-2021-22014 | ||||
| CVE-2021-22015 | ||||
| CVE-2021-22016 | ||||
| CVE-2021-22017 | ||||
| CVE-2021-22019 | ||||
| CVE-2021-22020 | ||||
| CVE-2019-14553 | PowerFlex rack | Versions before 3.3.11.0 | 3.3.11.0 | BIOS Firmware 14G 2.12.2 |
| Versions before 3.4.6.0 | 3.4.6.0 | BIOS Firmware 14G 2.12.2 | ||
| Versions before 3.5.6.0 | 3.5.6.0 | BIOS Firmware 14G 2.12.2 | ||
| CVE-2021-34714 | PowerFlex rack | Versions before 3.3.11.0 | 3.3.11.0 | Cisco Nexus OS 9.3(8) |
| CVE-2021-1590 | Versions before 3.4.6.0 | 3.4.6.0 | Cisco Nexus OS 9.3(8) | |
| CVE-2021-1588 | Versions before 3.5.6.0 | 3.5.6.0 | Cisco Nexus OS 9.3(8) | |
| CVE-2021-1587 | ||||
| CVE-2019-1858 | ||||
| CVE-2019-1735 | ||||
| CVE-2019-1728 | ||||
| CVE-2019-1727 | ||||
| CVE-2019-1726 | ||||
| CVE-2021-36345 | PowerFlex rack | Versions before 3.3.11.0 | 3.3.11.0 | PowerFlex Manager Version 3.8.0, Build 8173 |
| Versions before 3.4.6.0 | 3.4.6.0 | PowerFlex Manager Version 3.8.0, Build 8173 | ||
| Versions before 3.5.6.0 | 3.5.6.0 | PowerFlex Manager Version 3.8.0, Build 8173 | ||
| CVE-2004-2761 | PowerFlex rack | Versions before 3.3.11.0 | 3.3.11.0 | PowerFlex Manager Version 3.8.0, Build 8173 |
| Versions before 3.4.6.0 | 3.4.6.0 | PowerFlex Manager Version 3.8.0, Build 8173 | ||
| Versions before 3.5.6.0 | 3.5.6.0 | PowerFlex Manager Version 3.8.0, Build 8173 |
Links to update:
For RCM release information: https://cicodeportal.dell.com/#/home
For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
Revision History
| Revision | Date | Description |
| 1.0 | 2021-12-03 | Initial Release |
Related Information
Legal Disclaimer
Affected Products
PowerFlex rack, Product Security Information, PowerFlex SoftwareArticle Properties
Article Number: 000194091
Article Type: Dell Security Advisory
Last Modified: 03 Dec 2021
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.