DSA-2019-029: Dell EMC Unisphere for PowerMax, Dell EMC Unisphere for PowerMax vApp, Dell EMC Solutions Enabler, Dell EMC Solutions Enabler vApp, and Dell EMC PowerMax Embedded Management Update for Multiple Vulnerabilities in Embedded Components

The following embedded components are updated for the vulnerabilities listed below: 

Dell EMC Solutions Enabler has been updated to address the following vulnerability: 

• OpenSSL

CVE-2018-5407

Dell EMC Unisphere for PowerMax, Dell EMC Unisphere for PowerMax Virtual Appliance and Dell EMC Solutions Enabler Virtual Appliance, and Dell EMC PowerMax Embedded Management has been updated to address the following vulnerabilities:  

• Oracle Java

CVE-2018-11212    CVE-2019-2540    CVE-2019-2426    CVE-2019-2449
CVE-2019-2422

The embedded Windows OS for the MMCS has been updated to address the following vulnerabilities: 

• Windows Updates

CVE-2018-8330    CVE-2018-8432    CVE-2018-8472    CVE-2018-8481
CVE-2018-8482    CVE-2018-8486    CVE-2018-8407    CVE-2018-8408
CVE-2018-8563    CVE-2018-8565    CVE-2018-8477    CVE-2018-8514
CVE-2018-8595    CVE-2018-8596    CVE-2018-8621    CVE-2018-8622
CVE-2018-8440    CVE-2018-8475    CVE-2019-0536    CVE-2019-0545
CVE-2019-0549    CVE-2019-0554    CVE-2019-0569   

See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Affected products:  

• Unisphere for PowerMax versions prior to 9.0.2.10

• Unisphere for PowerMax Virtual Appliance versions prior to 9.0.2.10

• Solutions Enabler versions prior to 9.0.0.14

• Solutions Enabler Virtual Appliance versions prior to 9.0.0.14

• PowerMax OS Release 5978.221.221 and prior
   

Remediation:
These issues are addressed in Dell EMC PowerMax OS 5978 by requesting DSA-2019-029 or OPT 552287. Contact Dell EMC Customer Support to request a PowerMax OS Service Pack containing this fix and for assistance in scheduling this upgrade.

• Unisphere for PowerMax 9.0.2.10 or later

• Unisphere for PowerMax Virtual Appliance 9.0.2.10 or later

• Solutions Enabler 9.0.0.14 or later

• Solutions Enabler Virtual Appliance ISO Upgrade 9.0.0.14 or later

• Solutions Enabler Virtual Appliance OVA 9.0.0.14 or later

• For PowerMax OS Release 5978: 

  • Request an ePack for DSA-2019-029 or OPT 552287

Dell EMC recommends all customers upgrade at the earliest opportunity. Dell EMC recommends customers to follow security best practices for malware protection to help prevent possible exploitation of these vulnerabilities. These practices include, but are not limited to, promptly deploying software updates, avoiding unknown hyperlinks and websites, never downloading files or applications from unknown sources, and employing up-to-date anti-virus and advanced threat protection solutions.


Link to Remedies:
Customers can download software from https://support.emc.com/downloads/44740_Unisphere-for-PowerMax for Unisphere for PowerMax 9.0.2.10 and EMC Unisphere for VMAX Virtual Appliance 9.0.2.10 OVA and ISO.

Customers can download software from https://support.emc.com/downloads/2071_Solutions-Enabler for Solution Enabler 9.0.0.14 and Solutions Enabler Virtual Appliance 9.0.0.14 OVA and ISO.

Registered Dell EMC Online Support customers are recommended to contact Dell EMC Customer Support for all fixes as they are not available from the online support download page. Open a Service Request to have the hotfix or ePack installed. Contact Dell EMC Support with any questions.