DSA-2020-269: Dell EMC ECS Security Update for Multiple Third-Party Component Vulnerabilities
Summary: Dell EMC ECS contains remediation for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system.
Impact
Critical
Details
| Third Party Component | CVE | More Information |
| Intel | CVE-2020-8708, CVE-2020-8730, CVE-2020-8731, CVE-2020-8707, CVE-2020-8719, CVE-2020-8721, CVE-2020-8710, CVE-2020-8711, CVE-2020-8712, CVE-2020-8718, CVE-2020-8722, CVE-2020-8732, CVE-2020-8709, CVE-2020-8723, CVE-2020-8713, CVE-2020-8706, CVE-2020-8729, CVE-2020-8715, CVE-2020-8716, CVE-2020-8714, CVE-2020-8717, CVE-2020-8720 | See https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00384.html for individual scores for each CVE. |
| iDRAC | CVE-2020-5366 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| Oracle | CVE-2020-2803, CVE-2020-2805, CVE-2019-18197, CVE-2020-2816, CVE-2020-2781, CVE-2020-2830, CVE-2020-2767, CVE-2020-2800, CVE-2020-2778, CVE-2020-2764, CVE-2020-2754, CVE-2020-2755, CVE-2020-2773, CVE-2020-2756, CVE-2020-2757, CVE-2020-14664, CVE-2020-14583, CVE-2020-14593, CVE-2020-14562, CVE-2020-14621, CVE-2020-14556, CVE-2020-14573, CVE-2020-14581, CVE-2020-14578, CVE-2020-14579, CVE-2020-14577 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
Affected Products & Remediation
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2020-8708, CVE-2020-8730, CVE-2020-8731, CVE-2020-8707, CVE-2020-8719, CVE-2020-8721, CVE-2020-8710, CVE-2020-8711, CVE-2020-8712, CVE-2020-8718, CVE-2020-8722, CVE-2020-8732, CVE-2020-8709, CVE-2020-8723, CVE-2020-8713, CVE-2020-8706, CVE-2020-8729, CVE-2020-8715, CVE-2020-8716, CVE-2020-8714, CVE-2020-8717, CVE-2020-8720 | Dell EMC ECS Appliance Software with Encryption and Dell EMC ECS Appliance Software without Encryption | prior to v3.6 | v3.6 and above | Link |
| CVE-2020-5366 | Dell EMC ECS Appliance Hardware Gen3 EX300 and ECS Appliance Hardware Gen3 EX500 iDRAC9 firmware | versions prior to 4.20.20.20 | iDRAC9 firmware version 4.20.20.20. iDRAC 4.20.20.20 qualified against ECSOS 3.5 and newer | Link |
| CVE-2020-2803, CVE-2020-2805, CVE-2019-18197, CVE-2020-2816, CVE-2020-2781, CVE-2020-2830, CVE-2020-2767, CVE-2020-2800, CVE-2020-2778, CVE-2020-2764, CVE-2020-2754, CVE-2020-2755, CVE-2020-2773, CVE-2020-2756, CVE-2020-2757, CVE-2020-14664, CVE-2020-14583, CVE-2020-14593, CVE-2020-14562, CVE-2020-14621, CVE-2020-14556, CVE-2020-14573, CVE-2020-14581, CVE-2020-14578, CVE-2020-14579, CVE-2020-14577 | Dell EMC ECS Appliance Software with Encryption and Dell EMC ECS Appliance Software without Encryption | versions prior to 3.5.1.1 | 3.5.1.1 and above | Link |
NOTE: Customers should open an “Operating Environment Upgrade” Service Request with the ECS Remote Proactive team and reference this DSA number along with the desired remediation action from the list below:
- Upgrade to ECS 3.6
- Upgrade to ECS 3.6 + apply iDRAC 4.20.20.20 Firmware Upgrade (Gen3 EX300/EX500 HW Only)
- Upgrade to ECS 3.5.1.1
- Upgrade to ECS 3.5.1.1 + apply iDRAC 4.20.20.20 Firmware Upgrade (Gen3 EX300/EX500 HW Only)
- Apply iDRAC 4.20.20.20 Firmware Upgrade (Gen3 EX300/EX500 HW Only)
Workarounds & Mitigations
None
Revision History
| Revision | Date | Description |
| 1.0 | 2021-01-05 | Initial Release |
Affected Products
ECS Appliance Hardware Gen3 EX300, ECS Appliance Hardware Gen3 EX500
Article Properties
Article Number: 000181580
Article Type: Dell Security Advisory
Last Modified: 22 May 2021