DSA-2020-201: PowerFlex Manager Security Update for OpenSSH Vulnerabilities
Summary: Dell EMC PowerFlex Manager require a security update to address OpenSSH vulnerabilities.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Medium
Details
| Third-party Component | CVE(s) | More information |
| OpenSSH | CVE-2015-4000 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| CVE-2016-2183 |
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.
| Third-party Component | CVE(s) | More information |
| OpenSSH | CVE-2015-4000 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| CVE-2016-2183 |
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.
Affected Products & Remediation
Affected Products:
Dell EMC PowerFlex Manager versions prior to 3.5.0
Remediation:
The following Dell EMC PowerFlex Manager releases contain a resolution to these vulnerabilities:
Dell EMC recommends all customers upgrade at the earliest opportunity.
For RCM release information:
https://cpsdocs.dellemc.com/rcm/#/home.
For RCM download:
https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
Dell EMC PowerFlex Manager versions prior to 3.5.0
Remediation:
The following Dell EMC PowerFlex Manager releases contain a resolution to these vulnerabilities:
- Dell EMC PowerFlex Manager version 3.5.0 (Build Number 3.5.0-5507)
- PowerFlex Manager version 3.5.0 (Build Number 3.5.0-5507) to address CVE-2015-4000 for SSH Server Supports diffie-hellman-group1-sha1 and CVE-2016-2183 for SSH Birthday attacks on 64-bit block ciphers (SWEET32)
Dell EMC recommends all customers upgrade at the earliest opportunity.
For RCM release information:
https://cpsdocs.dellemc.com/rcm/#/home.
For RCM download:
https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
Affected Products:
Dell EMC PowerFlex Manager versions prior to 3.5.0
Remediation:
The following Dell EMC PowerFlex Manager releases contain a resolution to these vulnerabilities:
Dell EMC recommends all customers upgrade at the earliest opportunity.
For RCM release information:
https://cpsdocs.dellemc.com/rcm/#/home.
For RCM download:
https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
Dell EMC PowerFlex Manager versions prior to 3.5.0
Remediation:
The following Dell EMC PowerFlex Manager releases contain a resolution to these vulnerabilities:
- Dell EMC PowerFlex Manager version 3.5.0 (Build Number 3.5.0-5507)
- PowerFlex Manager version 3.5.0 (Build Number 3.5.0-5507) to address CVE-2015-4000 for SSH Server Supports diffie-hellman-group1-sha1 and CVE-2016-2183 for SSH Birthday attacks on 64-bit block ciphers (SWEET32)
Dell EMC recommends all customers upgrade at the earliest opportunity.
For RCM release information:
https://cpsdocs.dellemc.com/rcm/#/home.
For RCM download:
https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
Workarounds & Mitigations
None.
Related Information
Legal Disclaimer
Affected Products
PowerFlex rack, Product Security Information, PowerFlex Software, VxFlex Product Family, PowerFlex appliance R640, PowerFlex appliance R740XD, PowerFlex appliance R840Article Properties
Article Number: 000001723
Article Type: Dell Security Advisory
Last Modified: 19 Oct 2021
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.