DSA-2020-090: VxFlex Integrated Rack Security Update for Multiple Third-Party Component Vulnerabilities

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Summary:    
Multiple components within Dell EMC VxFlex Integrated Rack require a security update to address various vulnerabilities. 

The components are updated for the following vulnerabilities:    

Dell Server:    

  • iDRAC

CVE-2020-5344

  • Intel Processor

CVE-2019-0131    CVE-2019-0165    CVE-2019-0166    CVE-2019-0168
CVE-2019-0169    CVE-2019-0123    CVE-2019-0124    CVE-2019-0151
CVE-2019-0152    CVE-2019-0152    CVE-2019-0154    CVE-2019-0139
CVE-2019-0140    CVE-2019-0142    CVE-2019-0143    CVE-2019-0144
CVE-2019-0145    CVE-2019-0146    CVE-2019-0147    CVE-2019-0148
CVE-2019-0149    CVE-2019-0150    CVE-2019-11086  CVE-2019-11087
CVE-2019-11088  CVE-2019-11090  CVE-2019-11097   CVE-2019-11100
CVE-2019-11101  CVE-2019-11102  CVE-2019-11103   CVE-2019-11104
CVE-2019-11105  CVE-2019-11106  CVE-2019-11107   CVE-2019-11108
CVE-2019-11109  CVE-2019-11110 

VMware Virtualization:    

  • OpenSLP as used in ESXi and the Horizon DaaS

CVE-2019-5544

  • VMware vCenter Server Appliance

CVE-2019-5537    CVE-2019-5538

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.  

To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.

The components are updated for the following vulnerabilities:    

Dell Server:    

  • iDRAC

CVE-2020-5344

  • Intel Processor

CVE-2019-0131    CVE-2019-0165    CVE-2019-0166    CVE-2019-0168
CVE-2019-0169    CVE-2019-0123    CVE-2019-0124    CVE-2019-0151
CVE-2019-0152    CVE-2019-0152    CVE-2019-0154    CVE-2019-0139
CVE-2019-0140    CVE-2019-0142    CVE-2019-0143    CVE-2019-0144
CVE-2019-0145    CVE-2019-0146    CVE-2019-0147    CVE-2019-0148
CVE-2019-0149    CVE-2019-0150    CVE-2019-11086  CVE-2019-11087
CVE-2019-11088  CVE-2019-11090  CVE-2019-11097   CVE-2019-11100
CVE-2019-11101  CVE-2019-11102  CVE-2019-11103   CVE-2019-11104
CVE-2019-11105  CVE-2019-11106  CVE-2019-11107   CVE-2019-11108
CVE-2019-11109  CVE-2019-11110 

VMware Virtualization:    

  • OpenSLP as used in ESXi and the Horizon DaaS

CVE-2019-5544

  • VMware vCenter Server Appliance

CVE-2019-5537    CVE-2019-5538

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.  

To search for a particular CVE, use the database s search utility at http://web.nvd.nist.gov/view/vuln/search.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Affected Products:    
Dell EMC VxFlex Integrated Rack versions prior to 3.3.7.0
Dell EMC VxFlex Integrated Rack versions prior to 3.4.2.0
Dell EMC VxFlex Integrated Rack versions prior to 3.5.2.0

Remediation:    
The following Dell EMC VxFlex Integrated Rack releases contain a resolution to these vulnerabilities:    

  • Dell EMC VxFlex Integrated Rack 3.3.7.0

  • Dell EMC VxFlex Integrated Rack 3.4.2.0

  • Dell EMC VxFlex Integrated Rack 3.5.2.0

Dell EMC recommends all customers upgrade at the earliest opportunity.

For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home.

For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417



Affected Products:    
Dell EMC VxFlex Integrated Rack versions prior to 3.3.7.0
Dell EMC VxFlex Integrated Rack versions prior to 3.4.2.0
Dell EMC VxFlex Integrated Rack versions prior to 3.5.2.0

Remediation:    
The following Dell EMC VxFlex Integrated Rack releases contain a resolution to these vulnerabilities:    

  • Dell EMC VxFlex Integrated Rack 3.3.7.0

  • Dell EMC VxFlex Integrated Rack 3.4.2.0

  • Dell EMC VxFlex Integrated Rack 3.5.2.0

Dell EMC recommends all customers upgrade at the earliest opportunity.

For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home.

For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417



Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Products

CloudArray Virtual Edition for VxRail Appliance, Product Security Information, VMWare Cloud on Dell EMC VxRail E560F, VxRack SDDC, VxRack SDDC 14G-1, VxRail 460 and 470 Nodes, VxRail Appliance Family, VxRail Appliance Series, VxRail G410 , VxRail G Series Nodes, VxRail E Series Nodes, VxRail E460, VxRail E560, VxRail E560 VCF, VxRail E560F VCF, VxRail E560N, VxRail E560N VCF, VxRail G560, VxRail G560 VCF, VxRail G560F VCF, VxRail Gen2 Hardware, VxRail P470, VxRail P570, VxRail P570 VCF, VxRail P570F, VxRail P570F VCF, VxRail P580N, VxRail P580N VCF, VxRail S Series Nodes, VxRail S470, VxRail S570, VxRail S570 VCF, VxRail Software, VxRail V Series Nodes, VxRail V470, VxRail V570, VxRail V570 VCF, VxRail V570F, VxRail V570F VCF ...
Article Properties
Article Number: 000001863
Article Type: Dell Security Advisory
Last Modified: 20 Sep 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.