Article Number: 000188058


DSA-2021-094: Dell ECS Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell ECS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

Medium

Details


Third-Party Component | CVEs | More information
OpenSSL | CVE-2020-1971 | NVD - CVE-2020-1971
Dell iDRAC9 | CVE-2021-21539, CVE-2021-21540, CVE-2021-21541, CVE-2021-21542, CVE-2021-21543, CVE-2021-21544 |

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update
CVE-2020-1971 | Dell ECS | Versions prior to 3.6.1.1 | 3.6.1.1 | Link to update
CVE-2021-21539, CVE-2021-21540, CVE-2021-21541, CVE-2021-21543, CVE-2021-21544 | Dell ECS Appliance Hardware Gen3 EX300; ECS Appliance Hardware Gen3 EX500; iDRAC9 firmware | Versions prior to 4.40.00.00 | 4.40.00.00 or later | Link to update
CVE-2021-21542 | Dell ECS Appliance Hardware Gen3 EX300; Dell ECS Appliance Hardware Gen3 EX500; Dell ECS Appliance Hardware Gen3 EXF900; iDRAC9 firmware | Versions prior to 4.40.10.00 | 4.40.10.00 | Link to update


NOTE:
Customers should open an “Operating Environment Upgrade” Service Request with the ECS Remote Proactive team and reference this DSA number along with the desired remediation action from the list below:
  • Customers below 3.6.1.1:
    • Upgrade to ECS 3.6.1.1
    • Apply iDRAC 4.40.10.00 Firmware Upgrade (Gen3 EX300/EX500/EXF900 HW Only)
  • Customers on 3.6.1.1:
    • Apply iDRAC 4.40.10.00 Firmware Upgrade (Gen3 EX300/EX500/EXF900 HW Only)

Acknowledgements

Dell Technologies would like to thank Fabian Bräunlein and Tomasz Holeksa for reporting this issue.
 

Revision History

Revision | Date | Description
1.0 | 2021-06-08 | Initial Release

Article Properties


Affected Product

ECS Appliance Hardware Gen3 EX300, ECS Appliance Hardware Gen3 EX500, ECS Appliance Hardware Gen3 EXF900, Product Security Information

Last Published Date

15 Jun 2021

Version

2

Article Type

Dell Security Advisory