DSA-2021-006: Dell EMC VxFlex Ready Node Security Update for Multiple Vulnerabilities

Summary: Dell EMC VxFlex Ready Node contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.


Impact

High

Details


Third-Party Component: Intel BIOS
CVE(s): CVE-2020-8674, CVE-2020-8738, CVE-2020-8739, CVE-2020-8740, CVE-2020-0587, CVE-2020-0588, CVE-2020-0590, CVE-2020-0591, CVE-2020-0592, CVE-2020-0593, CVE-2020-8705, CVE-2020-8755, CVE-2020-8696
More information: INTEL-SA-00390

Third-Party Component: Dell EMC iDRAC
CVE(s): CVE-2020-26198
More information: DSA-2020-268: Dell EMC iDRAC9 Reflected XSS Vulnerability https://www.dell.com/support/kbdoc/en-us/000181088/dsa-2020-268-dell-emc-idrac9-reflected-xss-vulnerability

Third-Party Component: VMware ESXi
CVE(s): CVE-2020-3992, CVE-2020-3981, CVE-2020-3982, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995, CVE-2020-4004
More information:
CVE-2020-3992: VMware article How to Disable/Enable CIM Server on VMware ESXi KB76372
CVE-2020-4004: Workaround: Refer to VMware document Remove XHCI (USB 3.x) controller

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVE(s) Addressed: CVE-2020-8674, CVE-2020-8738, CVE-2020-8739, CVE-2020-8740, CVE-2020-0587, CVE-2020-0588, CVE-2020-0590, CVE-2020-0591, CVE-2020-0592, CVE-2020-0593, CVE-2020-8705, CVE-2020-8755, CVE-2020-8696
Product and Affected Version(s): Dell EMC VxFlex Ready Node 14G nodes: R640, R740xd, and R840 Firmware matrix prior to DTK and OME packages from December 2020
Updated Version(s): DTK and OME packages from December 2020
Link to Update:
Dell EMC VxFlex Ready Node firmware update tools: https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=cr1k4&oscode=wst14
Registered Dell EMC Online Support customers can download the Dell EMC VxFlex Ready Node update at: https://www.dell.com/support/home/en-us/product-support/product/scaleio-ready-node--poweredge-14g/drivers

CVE(s) Addressed: CVE-2020-26198
Product, Affected Version(s), Updated Version(s) and Link to Update: Dell EMC VxFlex Ready Node AMS managed Nodes 14G nodes: R640, R740xd, and R840 Manual update AMS release with this firmware is planned for the near future, for short term refer to Manual update as described in Workarounds and Mitigations

CVE(s) Addressed: CVE-2020-3992, CVE-2020-3981, CVE-2020-3982, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995, CVE-2020-4004
Product and Affected Version(s): Dell EMC VxFlex Ready Node OS matrix 6.7 EP16 and below; 6.5 EP21 and below
Updated Version(s): ESXi 6.7 P04; ESXi 6.5 EP 23
Link to Update: February 2021

Workarounds & Mitigations

Revision History

Revision: 1.0
Date: 2021-01-21
Description: Initial Release

Related Information

Affected Products

VxFlex Ready Nodes, VxFlex Ready Node, VxFlex Ready Node R640, VxFlex Ready Node R740xd, VxFlex Ready Node R840

Products

Product Security Information
Article Properties
Article Number: 000182056
Article Type: Dell Security Advisory
Last Modified: 22 May 2021