DSA-2019-011: Dell EMC VNX2 Family Security Update for Multiple Vulnerabilities in Embedded Components
Impact
High
Details
Summary:
Multiple embedded components within the Dell EMC VNX2 Product Family require security updates to address various vulnerabilities.
The embedded components and the vulnerabilities affecting them are listed below.
Dell EMC VNX2 OE for Block was updated to address the following vulnerabilities in the storage processor:
- Embedded Windows OS
  CVE-1999-0511 CVE-2018-5391
Dell EMC VNX2 OE for File was updated to address the following vulnerabilities in the VNX Control Station:
- Apache commons file upload (eliminated from VNX2 OE for File)
  CVE-2016-1000031
- Apache httpd
  CVE-2016-5387
- bind
  CVE-2016-9147
- Oracle Java SE (April and July 2018 CPU)
  CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795
  CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799
  CVE-2018-2800 CVE-2018-2811 CVE-2018-2814 CVE-2018-2815
  CVE-2018-2825 CVE-2018-2826 CVE-2018-2938 CVE-2018-2940
  CVE-2018-2941 CVE-2018-2942 CVE-2018-2952 CVE-2018-2964
  CVE-2018-2972 CVE-2018-2973
- Sweet32 Attack on management ports 443 and 5989
  CVE-2016-2183
- SSH Weak Algorithms Supported
  arcfour ciphers are removed (No CVE)
Dell EMC VNX2 OE for File was updated to address the following vulnerabilities in the data mover:
- OpenSSH
  CVE-2016-6515
- OpenSSL
  CVE-2016-0705 CVE-2016-0798 CVE-2016-0799
- SSH Weak Algorithms Supported
  arcfour ciphers are removed (No CVE)
For more information about the Common Vulnerabilities and Exposures (CVE) identifiers mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.
To search for a particular CVE, use the database's search utility at http://web.nvd.nist.gov/view/vuln/search.
Affected Products & Remediation
Affected products:
Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.236
Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.236
Remediation:
The following Dell EMC VNX2 releases address these vulnerabilities:
- Dell EMC VNX2 Operating Environment (OE) for Block 05.33.009.5.236
- Dell EMC VNX2 Operating Environment (OE) for File 8.1.9.236
Dell EMC recommends all customers upgrade at the earliest opportunity.
Link to Remedies:
Registered Dell EMC Support customers can download VNX2 software from the EMC Online Support web site at https://support.emc.com/downloads/36656_VNX2-Series.
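An inventory check against the fixed releases named above can be scripted. The following is an added example, not Dell EMC code: the `name,oe_type,version` inventory format, the array names and the sample versions are constructed assumptions. Release strings are compared field by field as integers, because plain string comparison misorders zero-padded and multi-digit fields.

```python
# Added example: flag VNX2 arrays running an OE release prior to the fixed one.
# Inventory format, array names and sample versions are assumptions (constructed).

FIXED = {
    "block": "05.33.009.5.236",  # fixed OE for Block release in this advisory
    "file": "8.1.9.236",         # fixed OE for File release in this advisory
}


def parse_version(text):
    """Turn a dotted release string into a tuple of ints (leading zeros ignored)."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def needs_update(oe_type, installed):
    """True if `installed` is prior to the fixed release for that OE type."""
    fixed = parse_version(FIXED[oe_type.lower()])
    current = parse_version(installed)
    if len(current) != len(fixed):
        raise ValueError(f"unexpected field count for {oe_type}: {installed!r}")
    return current < fixed


def audit(inventory_text):
    """Return (affected, unparsed) from 'name,oe_type,version' lines."""
    affected, unparsed = [], []
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            name, oe_type, version = (f.strip() for f in line.split(","))
            if needs_update(oe_type, version):
                affected.append((name, oe_type.lower(), version))
        except (ValueError, KeyError):
            unparsed.append(line)  # review by hand rather than assume patched
    return affected, unparsed


# Constructed sample inventory (hypothetical arrays and versions).
SAMPLE = """\
vnx-lab-01,block,05.33.009.5.155
vnx-lab-01,file,8.1.9.155
vnx-prod-02,block,05.33.009.5.236
vnx-dr-03,file,8.1.21.266
vnx-old-04,block,unknown
"""

if __name__ == "__main__":
    hits, skipped = audit(SAMPLE)
    print("needs update:", hits)
    print("could not parse:", skipped)
```

Entries that cannot be parsed are returned separately so that an unknown version is never silently treated as patched.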
CVE-1999-0511 CVE-2018-5391
Addressed in File:
CVE-2016-0705 CVE-2016-0798 CVE-2016-0799 CVE-2016-1000031
CVE-2016-2183 CVE-2016-5387 CVE-2016-6515 CVE-2016-9147
CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795
CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799
CVE-2018-2800 CVE-2018-2811 CVE-2018-2814 CVE-2018-2815
CVE-2018-2825 CVE-2018-2826 CVE-2018-2938 CVE-2018-2940
CVE-2018-2941 CVE-2018-2942 CVE-2018-2952 CVE-2018-2964
CVE-2018-2972 CVE-2018-2973