Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Create and access a list of your products

DSA-2021-253: Dell EMC PowerFlex Rack Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell EMC PowerFlex rack remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Impact

Critical

Details

Component CVEs More information
vCenter Server CVE-2021-21991 VMSA-2021-0020
CVE-2021-21992
CVE-2021-21993
CVE-2021-22005
CVE-2021-22006
CVE-2021-22007
CVE-2021-22008
CVE-2021-22009
CVE-2021-22010
CVE-2021-22011
CVE-2021-22012
CVE-2021-22013
CVE-2021-22014
CVE-2021-22015
CVE-2021-22016
CVE-2021-22017
CVE-2021-22019
CVE-2021-22020
Dell Server BIOS Firmware CVE-2019-14553 KB article 191303: DSA-2021-176: Dell PowerEdge Server BIOS EDK II Vulnerability.
Cisco Switches CVE-2021-34714 cisco-sa-ios-nxos-xr-udld-dos-W5hGHgtQ
CVE-2021-1590 cisco-sa-nxos-login-blockfor-RwjGVEcu
CVE-2021-1588 cisco-sa-nxos-mpls-oam-dos-sGO9x5GM
CVE-2021-1587 cisco-sa-nxos-ngoam-dos-LTDb9Hv
CVE-2019-1858 cisco-sa-20190515-nxos-snmp-dos
CVE-2019-1735 cisco-sa-20190515-nxos-cmdinj-1735
CVE-2019-1728 cisco-sa-20190515-nxos-conf-bypass
CVE-2019-1727 cisco-sa-20190515-nxos-pyth-escal
CVE-2019-1726 cisco-sa-20190515-nxos-cli-bypass
PowerFlex Manager CVE-2021-36345  
CVE-2004-2761
Component CVEs More information
vCenter Server CVE-2021-21991 VMSA-2021-0020
CVE-2021-21992
CVE-2021-21993
CVE-2021-22005
CVE-2021-22006
CVE-2021-22007
CVE-2021-22008
CVE-2021-22009
CVE-2021-22010
CVE-2021-22011
CVE-2021-22012
CVE-2021-22013
CVE-2021-22014
CVE-2021-22015
CVE-2021-22016
CVE-2021-22017
CVE-2021-22019
CVE-2021-22020
Dell Server BIOS Firmware CVE-2019-14553 KB article 191303: DSA-2021-176: Dell PowerEdge Server BIOS EDK II Vulnerability.
Cisco Switches CVE-2021-34714 cisco-sa-ios-nxos-xr-udld-dos-W5hGHgtQ
CVE-2021-1590 cisco-sa-nxos-login-blockfor-RwjGVEcu
CVE-2021-1588 cisco-sa-nxos-mpls-oam-dos-sGO9x5GM
CVE-2021-1587 cisco-sa-nxos-ngoam-dos-LTDb9Hv
CVE-2019-1858 cisco-sa-20190515-nxos-snmp-dos
CVE-2019-1735 cisco-sa-20190515-nxos-cmdinj-1735
CVE-2019-1728 cisco-sa-20190515-nxos-conf-bypass
CVE-2019-1727 cisco-sa-20190515-nxos-pyth-escal
CVE-2019-1726 cisco-sa-20190515-nxos-cli-bypass
PowerFlex Manager CVE-2021-36345  
CVE-2004-2761
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed Product Affected Versions Updated Versions Fix package included in RCM
CVE-2021-21991 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 6.5 U3q (6.5.0.37000) 2021-09-21 18499837
CVE-2021-21992 Versions before 3.4.6.0 3.4.6.0 6.5 U3q Build number (18499837)
CVE-2021-21993 Versions before 3.5.6.0 3.5.6.0 6.7 Update 3o (6.7.0.50000)18485166 18485185
CVE-2021-22005
CVE-2021-22006
CVE-2021-22007
CVE-2021-22008
CVE-2021-22009
CVE-2021-22010
CVE-2021-22011
CVE-2021-22012
CVE-2021-22013
CVE-2021-22014
CVE-2021-22015
CVE-2021-22016
CVE-2021-22017
CVE-2021-22019
CVE-2021-22020
CVE-2019-14553  PowerFlex rack Versions before 3.3.11.0 3.3.11.0 BIOS Firmware 14G 2.12.2
Versions before 3.4.6.0 3.4.6.0 BIOS Firmware 14G 2.12.2
Versions before 3.5.6.0 3.5.6.0 BIOS Firmware 14G 2.12.2
CVE-2021-34714 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 Cisco Nexus OS 9.3(8)
CVE-2021-1590 Versions before 3.4.6.0 3.4.6.0 Cisco Nexus OS 9.3(8)
CVE-2021-1588 Versions before 3.5.6.0 3.5.6.0 Cisco Nexus OS 9.3(8)
CVE-2021-1587
CVE-2019-1858
CVE-2019-1735
CVE-2019-1728
CVE-2019-1727
CVE-2019-1726
CVE-2021-36345 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.4.6.0 3.4.6.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.5.6.0 3.5.6.0 PowerFlex Manager Version 3.8.0, Build 8173
CVE-2004-2761 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.4.6.0 3.4.6.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.5.6.0 3.5.6.0 PowerFlex Manager Version 3.8.0, Build 8173

Links to update:
For RCM release information: https://cicodeportal.dell.com/#/home
For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVEs Addressed Product Affected Versions Updated Versions Fix package included in RCM
CVE-2021-21991 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 6.5 U3q (6.5.0.37000) 2021-09-21 18499837
CVE-2021-21992 Versions before 3.4.6.0 3.4.6.0 6.5 U3q Build number (18499837)
CVE-2021-21993 Versions before 3.5.6.0 3.5.6.0 6.7 Update 3o (6.7.0.50000)18485166 18485185
CVE-2021-22005
CVE-2021-22006
CVE-2021-22007
CVE-2021-22008
CVE-2021-22009
CVE-2021-22010
CVE-2021-22011
CVE-2021-22012
CVE-2021-22013
CVE-2021-22014
CVE-2021-22015
CVE-2021-22016
CVE-2021-22017
CVE-2021-22019
CVE-2021-22020
CVE-2019-14553  PowerFlex rack Versions before 3.3.11.0 3.3.11.0 BIOS Firmware 14G 2.12.2
Versions before 3.4.6.0 3.4.6.0 BIOS Firmware 14G 2.12.2
Versions before 3.5.6.0 3.5.6.0 BIOS Firmware 14G 2.12.2
CVE-2021-34714 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 Cisco Nexus OS 9.3(8)
CVE-2021-1590 Versions before 3.4.6.0 3.4.6.0 Cisco Nexus OS 9.3(8)
CVE-2021-1588 Versions before 3.5.6.0 3.5.6.0 Cisco Nexus OS 9.3(8)
CVE-2021-1587
CVE-2019-1858
CVE-2019-1735
CVE-2019-1728
CVE-2019-1727
CVE-2019-1726
CVE-2021-36345 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.4.6.0 3.4.6.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.5.6.0 3.5.6.0 PowerFlex Manager Version 3.8.0, Build 8173
CVE-2004-2761 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.4.6.0 3.4.6.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.5.6.0 3.5.6.0 PowerFlex Manager Version 3.8.0, Build 8173

Links to update:
For RCM release information: https://cicodeportal.dell.com/#/home
For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417

Revision History

RevisionDateDescription
1.02021-12-03Initial Release

Related Information

Affected Products

PowerFlex rack, Product Security Information, PowerFlex Software
Article Properties
Article Number: 000194091
Article Type: Dell Security Advisory
Last Modified: 03 Dec 2021
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.