DSA-2021-065: Dell PowerFlex rack Security Update for Multiple Third-Party Component Vulnerabilities

Table of Contents

Detailed Article

Impact

Details

Affected Products & Remediation

Revision History

Related Info

Legal Disclaimer

Affected Products

Provide Feedback

Summary: Dell PowerFlex rack remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Check out other resources

Impact

Critical

Details

Third-Party Component	CVE(s)	More information
vCenter Server	CVE-2021-21972	https://www.vmware.com/security/advisories/VMSA-2021-0002.html
vCenter Server	CVE-2021-21973
VMware ESXi	CVE-2021-21974
Embedded OS	CVE-2020-14372	Grub2 vulnerabilities: https://access.redhat.com/errata/RHSA-2021:0701?sc_cid=701600000006NHXAA2
	CVE-2020-25632
	CVE-2020-25647
	CVE-2020-27749
	CVE-2020-27779
	CVE-2021-20225
	CVE-2021-20233
Cisco Nexus	CVE-2021-1361	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3000-9000-fileaction-QtLzDRy2
Cisco Nexus	CVE-2020-1971	https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw93970

Third-Party Component	CVE(s)	More information
vCenter Server	CVE-2021-21972	https://www.vmware.com/security/advisories/VMSA-2021-0002.html
vCenter Server	CVE-2021-21973
VMware ESXi	CVE-2021-21974
Embedded OS	CVE-2020-14372	Grub2 vulnerabilities: https://access.redhat.com/errata/RHSA-2021:0701?sc_cid=701600000006NHXAA2
	CVE-2020-25632
	CVE-2020-25647
	CVE-2020-27749
	CVE-2020-27779
	CVE-2021-20225
	CVE-2021-20233
Cisco Nexus	CVE-2021-1361	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3000-9000-fileaction-QtLzDRy2
Cisco Nexus	CVE-2020-1971	https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw93970

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs	Product	Affected RCM Versions	Updated RCM Versions	Link to Update
CVE-2021-1361	PowerFlex rack	Versions prior to 3.3.9.2 Versions prior to 3.4.4.2 Versions prior to 3.5.4.2	3.3.9.2 3.4.4.2 3.5.4.2	For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home. For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2020-1971	PowerFlex rack	Versions prior to 3.3.9.2	Upgrade to RCM versions below.
CVE-2020-1971	PowerFlex rack	Versions prior to 3.4.4.2 Versions prior to 3.5.4.2	3.4.4.2 3.5.4.2	For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home. For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2021-21972	PowerFlex rack	Versions prior to 3.3.9.2 Versions prior to 3.4.4.2 Versions prior to 3.5.4.2	3.3.9.2 3.4.4.2 3.5.4.2	For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home. For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2021-21973
CVE-2021-21974
CVE-2020-14372
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2021-20225
CVE-2021-20233

CVEs	Product	Affected RCM Versions	Updated RCM Versions	Link to Update
CVE-2021-1361	PowerFlex rack	Versions prior to 3.3.9.2 Versions prior to 3.4.4.2 Versions prior to 3.5.4.2	3.3.9.2 3.4.4.2 3.5.4.2	For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home. For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2020-1971	PowerFlex rack	Versions prior to 3.3.9.2	Upgrade to RCM versions below.
CVE-2020-1971	PowerFlex rack	Versions prior to 3.4.4.2 Versions prior to 3.5.4.2	3.4.4.2 3.5.4.2	For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home. For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2021-21972	PowerFlex rack	Versions prior to 3.3.9.2 Versions prior to 3.4.4.2 Versions prior to 3.5.4.2	3.3.9.2 3.4.4.2 3.5.4.2	For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home. For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVE-2021-21973
CVE-2021-21974
CVE-2020-14372
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2021-20225
CVE-2021-20233

Revision History

Revision	Date	Description
1.0	2021-3-30	Initial Release

Related Information

Legal Disclaimer

Affected Products

PowerFlex rack, Product Security Information

Products

PowerFlex Software

Article Number: 000184747

Article Type: Dell Security Advisory

Last Modified: 22 May 2021

Check if your device is covered by Support Services.

DSA-2021-065: Dell PowerFlex rack Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell PowerFlex rack remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Impact

Details

Affected Products & Remediation

Revision History

Related Information

Legal Disclaimer

Affected Products

Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services