Impact
Critical
Details
Third Party Component |
CVE |
More Information |
Intel |
CVE-2020-8708 |
See (https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00384.html) for individual scores for each CVE |
CVE-2020-8730 |
CVE-2020-8731 |
CVE-2020-8707 |
CVE-2020-8719 |
CVE-2020-8721 |
CVE-2020-8710 |
CVE-2020-8711 |
CVE-2020-8712 |
CVE-2020-8718 |
CVE-2020-8722 |
CVE-2020-8732 |
CVE-2020-8709 |
CVE-2020-8723 |
CVE-2020-8713 |
CVE-2020-8706 |
CVE-2020-8729 |
CVE-2020-8715 |
CVE-2020-8716 |
CVE-2020-8714 |
CVE-2020-8717 |
CVE-2020-8720 |
iDRAC |
CVE-2020-5366 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
Oracle |
CVE-2020-2803 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
CVE-2020-2805 |
CVE-2019-18197 |
CVE-2020-2816 |
CVE-2020-2781 |
CVE-2020-2830 |
CVE-2020-2767 |
CVE-2020-2800 |
CVE-2020-2778 |
CVE-2020-2764 |
CVE-2020-2754 |
CVE-2020-2755 |
CVE-2020-2773 |
CVE-2020-2756 |
CVE-2020-2757 |
CVE-2020-14664 |
CVE-2020-14583 |
CVE-2020-14593 |
CVE-2020-14562 |
CVE-2020-14621 |
CVE-2020-14556 |
CVE-2020-14573 |
CVE-2020-14581 |
CVE-2020-14578 |
CVE-2020-14579 |
CVE-2020-14577 |
Third Party Component |
CVE |
More Information |
Intel |
CVE-2020-8708 |
See (https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00384.html) for individual scores for each CVE |
CVE-2020-8730 |
CVE-2020-8731 |
CVE-2020-8707 |
CVE-2020-8719 |
CVE-2020-8721 |
CVE-2020-8710 |
CVE-2020-8711 |
CVE-2020-8712 |
CVE-2020-8718 |
CVE-2020-8722 |
CVE-2020-8732 |
CVE-2020-8709 |
CVE-2020-8723 |
CVE-2020-8713 |
CVE-2020-8706 |
CVE-2020-8729 |
CVE-2020-8715 |
CVE-2020-8716 |
CVE-2020-8714 |
CVE-2020-8717 |
CVE-2020-8720 |
iDRAC |
CVE-2020-5366 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
Oracle |
CVE-2020-2803 |
See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
CVE-2020-2805 |
CVE-2019-18197 |
CVE-2020-2816 |
CVE-2020-2781 |
CVE-2020-2830 |
CVE-2020-2767 |
CVE-2020-2800 |
CVE-2020-2778 |
CVE-2020-2764 |
CVE-2020-2754 |
CVE-2020-2755 |
CVE-2020-2773 |
CVE-2020-2756 |
CVE-2020-2757 |
CVE-2020-14664 |
CVE-2020-14583 |
CVE-2020-14593 |
CVE-2020-14562 |
CVE-2020-14621 |
CVE-2020-14556 |
CVE-2020-14573 |
CVE-2020-14581 |
CVE-2020-14578 |
CVE-2020-14579 |
CVE-2020-14577 |
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
CVE(s) Addressed |
Product |
Affected Version(s) |
Updated Version(s) |
Link to Update |
CVE-2020-8708 |
Dell EMC ECS Appliance Software with Encryption and Dell EMC ECS Appliance Software without Encryption |
prior to v3.6 |
v3.6 and above |
Link |
CVE-2020-8730 |
CVE-2020-8731 |
CVE-2020-8707 |
CVE-2020-8719 |
CVE-2020-8721 |
CVE-2020-8710 |
CVE-2020-8711 |
CVE-2020-8712 |
CVE-2020-8718 |
CVE-2020-8722 |
CVE-2020-8732 |
CVE-2020-8709 |
CVE-2020-8723 |
CVE-2020-8713 |
CVE-2020-8706 |
CVE-2020-8729 |
CVE-2020-8715 |
CVE-2020-8716 |
CVE-2020-8714 |
CVE-2020-8717 |
CVE-2020-8720 |
CVE-2020-5366 |
Dell EMC ECS Appliance Hardware Gen3 EX300 and ECS Appliance Hardware Gen3 EX500 iDRAC9 firmware |
versions prior to 4.20.20.20 |
iDRAC9 firmware version 4.20.20.20. iDRAC 4.20.20.20 qualified against ECSOS 3.5 and newer |
Link |
CVE-2020-2803 |
Dell EMC ECS Appliance Software with Encryption and Dell EMC ECS Appliance Software without Encryption |
versions prior to 3.5.1.1. |
3.5.1.1 and above |
Link |
CVE-2020-2805 |
CVE-2019-18197 |
CVE-2020-2816 |
CVE-2020-2781 |
CVE-2020-2830 |
CVE-2020-2767 |
CVE-2020-2800 |
CVE-2020-2778 |
CVE-2020-2764 |
CVE-2020-2754 |
CVE-2020-2755 |
CVE-2020-2773 |
CVE-2020-2756 |
CVE-2020-2757 |
CVE-2020-14664 |
CVE-2020-14583 |
CVE-2020-14593 |
CVE-2020-14562 |
CVE-2020-14621 |
CVE-2020-14556 |
CVE-2020-14573 |
CVE-2020-14581 |
CVE-2020-14578 |
CVE-2020-14579 |
CVE-2020-14577 |
NOTE: Customers should open an
“Operating Environment Upgrade” Service Request with the ECS Remote Proactive team
and reference this DSA number along with the desired remediation action from the below:
- Upgrade to ECS 3.6
- Upgrade to ECS 3.6 + apply iDRAC 4.20.20.20 Firmware Upgrade (Gen3 Ex300/EX500 HW Only)
- Upgrade to ECS 3.5.1.1
- Upgrade to ECS 3.5.1.1 + apply iDRAC 4.20.20.20 Firmware Upgrade (Gen3 Ex300/EX500 HW Only)
- Apply iDRAC 4.20.20.20 Firmware Upgrade (Gen3 Ex300/EX500 HW Only)
CVE(s) Addressed |
Product |
Affected Version(s) |
Updated Version(s) |
Link to Update |
CVE-2020-8708 |
Dell EMC ECS Appliance Software with Encryption and Dell EMC ECS Appliance Software without Encryption |
prior to v3.6 |
v3.6 and above |
Link |
CVE-2020-8730 |
CVE-2020-8731 |
CVE-2020-8707 |
CVE-2020-8719 |
CVE-2020-8721 |
CVE-2020-8710 |
CVE-2020-8711 |
CVE-2020-8712 |
CVE-2020-8718 |
CVE-2020-8722 |
CVE-2020-8732 |
CVE-2020-8709 |
CVE-2020-8723 |
CVE-2020-8713 |
CVE-2020-8706 |
CVE-2020-8729 |
CVE-2020-8715 |
CVE-2020-8716 |
CVE-2020-8714 |
CVE-2020-8717 |
CVE-2020-8720 |
CVE-2020-5366 |
Dell EMC ECS Appliance Hardware Gen3 EX300 and ECS Appliance Hardware Gen3 EX500 iDRAC9 firmware |
versions prior to 4.20.20.20 |
iDRAC9 firmware version 4.20.20.20. iDRAC 4.20.20.20 qualified against ECSOS 3.5 and newer |
Link |
CVE-2020-2803 |
Dell EMC ECS Appliance Software with Encryption and Dell EMC ECS Appliance Software without Encryption |
versions prior to 3.5.1.1. |
3.5.1.1 and above |
Link |
CVE-2020-2805 |
CVE-2019-18197 |
CVE-2020-2816 |
CVE-2020-2781 |
CVE-2020-2830 |
CVE-2020-2767 |
CVE-2020-2800 |
CVE-2020-2778 |
CVE-2020-2764 |
CVE-2020-2754 |
CVE-2020-2755 |
CVE-2020-2773 |
CVE-2020-2756 |
CVE-2020-2757 |
CVE-2020-14664 |
CVE-2020-14583 |
CVE-2020-14593 |
CVE-2020-14562 |
CVE-2020-14621 |
CVE-2020-14556 |
CVE-2020-14573 |
CVE-2020-14581 |
CVE-2020-14578 |
CVE-2020-14579 |
CVE-2020-14577 |
NOTE: Customers should open an
“Operating Environment Upgrade” Service Request with the ECS Remote Proactive team
and reference this DSA number along with the desired remediation action from the below:
- Upgrade to ECS 3.6
- Upgrade to ECS 3.6 + apply iDRAC 4.20.20.20 Firmware Upgrade (Gen3 Ex300/EX500 HW Only)
- Upgrade to ECS 3.5.1.1
- Upgrade to ECS 3.5.1.1 + apply iDRAC 4.20.20.20 Firmware Upgrade (Gen3 Ex300/EX500 HW Only)
- Apply iDRAC 4.20.20.20 Firmware Upgrade (Gen3 Ex300/EX500 HW Only)
Workarounds & Mitigations
None
Revision History
Revision | Date | Description |
1.0 | 2021-01-05 | Initial Release |
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Affected Products
ECS Appliance Hardware Gen3 EX300, ECS Appliance Hardware Gen3 EX500