Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000189606


DSA-2021-134: Dell EMC Unisphere for PowerMax, Dell EMC Unisphere for PowerMax Virtual Appliance, Dell EMC Solutions Enabler Virtual Appliance, and Dell EMC PowerMax Embedded Management Security Update for Multiple Third-party Component Vulnerabilities

Summary: Dell EMC Unisphere for PowerMax, Dell EMC Unisphere for PowerMax Virtual Appliance, Dell EMC Solutions Enabler Virtual Appliance, and Dell EMC PowerMax Embedded Management remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

Article Content


Impact

High

Details

Proprietary Code CVE Description CVSSBase Score CVSS Vector String
CVE-2021-21548 Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.
Note: CVE-2021-21548 addresses incomplete fix for CVE-2020-5367. 
7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
 
Third-party Component CVEs More information
JQuery CVE-2015-9251 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
sudo CVE-2021-3156 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Oracle CVE-2021-23841 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2021-3450
CVE-2021-2161
CVE-2021-2163
Internet Explorer 11 CVE-2020-17052 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2020-17053  
CVE-2020-17058  
Microsoft .NET CVE-2020-16937 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Windows 10 CVE-2020-0764 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2020-1167
CVE-2020-1599
CVE-2020-16876
CVE-2020-16887
CVE-2020-16889
CVE-2020-16890
CVE-2020-16892
CVE-2020-16895
CVE-2020-16896
CVE-2020-16897
CVE-2020-16898
CVE-2020-16899
CVE-2020-16900
CVE-2020-16902
CVE-2020-16905
CVE-2020-16907
CVE-2020-16908
CVE-2020-16909
CVE-2020-16910
CVE-2020-16911
CVE-2020-16912
CVE-2020-16913
CVE-2020-16914
CVE-2020-16915
CVE-2020-16916
CVE-2020-16919
CVE-2020-16920
CVE-2020-16921
CVE-2020-16922
CVE-2020-16923
CVE-2020-16924
CVE-2020-16927
CVE-2020-16935
CVE-2020-16936
CVE-2020-16939
CVE-2020-16940
CVE-2020-16958
CVE-2020-16959
CVE-2020-16960
CVE-2020-16961
CVE-2020-16962
CVE-2020-16963
CVE-2020-16964
CVE-2020-16967
CVE-2020-16968
CVE-2020-16972
CVE-2020-16973
CVE-2020-16974
CVE-2020-16975
CVE-2020-16976
CVE-2020-16997
CVE-2020-16998
CVE-2020-16999
CVE-2020-17000
CVE-2020-17001
CVE-2020-17004
CVE-2020-17007
CVE-2020-17011
CVE-2020-17013
CVE-2020-17014
CVE-2020-17022
CVE-2020-17024
CVE-2020-17025
CVE-2020-17026
CVE-2020-17027
CVE-2020-17028
CVE-2020-17029
CVE-2020-17030
CVE-2020-17031
CVE-2020-17032
CVE-2020-17033
CVE-2020-17034
CVE-2020-17035
CVE-2020-17036
CVE-2020-17037
CVE-2020-17038
CVE-2020-17041
CVE-2020-17042
CVE-2020-17043
CVE-2020-17044
CVE-2020-17045
CVE-2020-17046
CVE-2020-17047
CVE-2020-17055
CVE-2020-17056
CVE-2020-17057
CVE-2020-17068
CVE-2020-17069
CVE-2020-17070
CVE-2020-17071
CVE-2020-17075
CVE-2020-17077
CVE-2020-17087
CVE-2020-17088
CVE-2020-17090
CVE-2020-17092
CVE-2020-17094
CVE-2020-17096
CVE-2020-17097
CVE-2020-17098
CVE-2020-17099
CVE-2020-17103
CVE-2020-17113
CVE-2020-17134
CVE-2020-17136
CVE-2020-17139
CVE-2020-17140
CVE-2021-1637
CVE-2021-1638
CVE-2021-1642
CVE-2021-1645
CVE-2021-1646
CVE-2021-1648
CVE-2021-1649
CVE-2021-1650
CVE-2021-1651
CVE-2021-1652
CVE-2021-1653
CVE-2021-1654
CVE-2021-1655
CVE-2021-1656
CVE-2021-1657
CVE-2021-1658
CVE-2021-1659
CVE-2021-1660
CVE-2021-1661
CVE-2021-1662
CVE-2021-1664
CVE-2021-1665
CVE-2021-1666
CVE-2021-1667
CVE-2021-1668
CVE-2021-1669
CVE-2021-1671
CVE-2021-1672
CVE-2021-1673
CVE-2021-1674
CVE-2021-1676
CVE-2021-1678
CVE-2021-1679
CVE-2021-1680
CVE-2021-1681
CVE-2021-1682
CVE-2021-1683
CVE-2021-1684
CVE-2021-1685
CVE-2021-1686
CVE-2021-1687
CVE-2021-1688
CVE-2021-1689
CVE-2021-1690
CVE-2021-1693
CVE-2021-1694
CVE-2021-1695
CVE-2021-1696
CVE-2021-1697
CVE-2021-1699
CVE-2021-1700
CVE-2021-1701
CVE-2021-1702
CVE-2021-1706
CVE-2021-1708
CVE-2021-1709
CVE-2021-1710
Proprietary Code CVE Description CVSSBase Score CVSS Vector String
CVE-2021-21548 Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.
Note: CVE-2021-21548 addresses incomplete fix for CVE-2020-5367. 
7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
 
Third-party Component CVEs More information
JQuery CVE-2015-9251 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
sudo CVE-2021-3156 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Oracle CVE-2021-23841 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2021-3450
CVE-2021-2161
CVE-2021-2163
Internet Explorer 11 CVE-2020-17052 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2020-17053  
CVE-2020-17058  
Microsoft .NET CVE-2020-16937 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Windows 10 CVE-2020-0764 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2020-1167
CVE-2020-1599
CVE-2020-16876
CVE-2020-16887
CVE-2020-16889
CVE-2020-16890
CVE-2020-16892
CVE-2020-16895
CVE-2020-16896
CVE-2020-16897
CVE-2020-16898
CVE-2020-16899
CVE-2020-16900
CVE-2020-16902
CVE-2020-16905
CVE-2020-16907
CVE-2020-16908
CVE-2020-16909
CVE-2020-16910
CVE-2020-16911
CVE-2020-16912
CVE-2020-16913
CVE-2020-16914
CVE-2020-16915
CVE-2020-16916
CVE-2020-16919
CVE-2020-16920
CVE-2020-16921
CVE-2020-16922
CVE-2020-16923
CVE-2020-16924
CVE-2020-16927
CVE-2020-16935
CVE-2020-16936
CVE-2020-16939
CVE-2020-16940
CVE-2020-16958
CVE-2020-16959
CVE-2020-16960
CVE-2020-16961
CVE-2020-16962
CVE-2020-16963
CVE-2020-16964
CVE-2020-16967
CVE-2020-16968
CVE-2020-16972
CVE-2020-16973
CVE-2020-16974
CVE-2020-16975
CVE-2020-16976
CVE-2020-16997
CVE-2020-16998
CVE-2020-16999
CVE-2020-17000
CVE-2020-17001
CVE-2020-17004
CVE-2020-17007
CVE-2020-17011
CVE-2020-17013
CVE-2020-17014
CVE-2020-17022
CVE-2020-17024
CVE-2020-17025
CVE-2020-17026
CVE-2020-17027
CVE-2020-17028
CVE-2020-17029
CVE-2020-17030
CVE-2020-17031
CVE-2020-17032
CVE-2020-17033
CVE-2020-17034
CVE-2020-17035
CVE-2020-17036
CVE-2020-17037
CVE-2020-17038
CVE-2020-17041
CVE-2020-17042
CVE-2020-17043
CVE-2020-17044
CVE-2020-17045
CVE-2020-17046
CVE-2020-17047
CVE-2020-17055
CVE-2020-17056
CVE-2020-17057
CVE-2020-17068
CVE-2020-17069
CVE-2020-17070
CVE-2020-17071
CVE-2020-17075
CVE-2020-17077
CVE-2020-17087
CVE-2020-17088
CVE-2020-17090
CVE-2020-17092
CVE-2020-17094
CVE-2020-17096
CVE-2020-17097
CVE-2020-17098
CVE-2020-17099
CVE-2020-17103
CVE-2020-17113
CVE-2020-17134
CVE-2020-17136
CVE-2020-17139
CVE-2020-17140
CVE-2021-1637
CVE-2021-1638
CVE-2021-1642
CVE-2021-1645
CVE-2021-1646
CVE-2021-1648
CVE-2021-1649
CVE-2021-1650
CVE-2021-1651
CVE-2021-1652
CVE-2021-1653
CVE-2021-1654
CVE-2021-1655
CVE-2021-1656
CVE-2021-1657
CVE-2021-1658
CVE-2021-1659
CVE-2021-1660
CVE-2021-1661
CVE-2021-1662
CVE-2021-1664
CVE-2021-1665
CVE-2021-1666
CVE-2021-1667
CVE-2021-1668
CVE-2021-1669
CVE-2021-1671
CVE-2021-1672
CVE-2021-1673
CVE-2021-1674
CVE-2021-1676
CVE-2021-1678
CVE-2021-1679
CVE-2021-1680
CVE-2021-1681
CVE-2021-1682
CVE-2021-1683
CVE-2021-1684
CVE-2021-1685
CVE-2021-1686
CVE-2021-1687
CVE-2021-1688
CVE-2021-1689
CVE-2021-1690
CVE-2021-1693
CVE-2021-1694
CVE-2021-1695
CVE-2021-1696
CVE-2021-1697
CVE-2021-1699
CVE-2021-1700
CVE-2021-1701
CVE-2021-1702
CVE-2021-1706
CVE-2021-1708
CVE-2021-1709
CVE-2021-1710
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product Affected Versions Updated Versions Link to Update
Unisphere for PowerMax Versions before 9.1.0.27 9.1.0.27

EEM: 9.1.0.856
https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere for PowerMax Virtual Appliance Versions before 9.1.0.27 9.1.0.27

EEM: 9.1.0.856
https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere for PowerMax Versions before 9.2.1.8 9.2.1.8

EEM: 9.2.1.187
https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere for PowerMax Virtual Appliance Versions before 9.2.1.8 9.2.1.8

EEM: 9.2.1.187
https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Solutions Enabler Versions before 9.1.0.16 9.1.0.16

EEM: 9.1.0.856
https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
Solutions Enabler Virtual Appliance Versions before 9.1.0.16 9.1.0.16

EEM: 9.1.0.856
https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
Solutions Enabler Versions before 9.2.1.2 9.2.1.2

EEM: 9.2.1.187
https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
Solutions Enabler Virtual Appliance Versions before 9.2.1.2 9.2.1.2

EEM: 9.2.1.187
https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
PowerMax OS 5978 5978 Request OPT 583679 for Foxtail SR and Hickory SR
 
Notes:
  • CVE-2020-5367 was not fully addressed in the Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17.
  • DSA-2021-134 addresses the improper certificate validation vulnerability in the Dell EMC Unisphere for PowerMax version 9.1.0.27(CVE-2021-21548).
  • Dell EMC highly recommends all users upgrade Dell EMC Unisphere for PowerMax to version 9.1.0.27 at their earliest opportunity.
Product Affected Versions Updated Versions Link to Update
Unisphere for PowerMax Versions before 9.1.0.27 9.1.0.27

EEM: 9.1.0.856
https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere for PowerMax Virtual Appliance Versions before 9.1.0.27 9.1.0.27

EEM: 9.1.0.856
https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere for PowerMax Versions before 9.2.1.8 9.2.1.8

EEM: 9.2.1.187
https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere for PowerMax Virtual Appliance Versions before 9.2.1.8 9.2.1.8

EEM: 9.2.1.187
https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Solutions Enabler Versions before 9.1.0.16 9.1.0.16

EEM: 9.1.0.856
https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
Solutions Enabler Virtual Appliance Versions before 9.1.0.16 9.1.0.16

EEM: 9.1.0.856
https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
Solutions Enabler Versions before 9.2.1.2 9.2.1.2

EEM: 9.2.1.187
https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
Solutions Enabler Virtual Appliance Versions before 9.2.1.2 9.2.1.2

EEM: 9.2.1.187
https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
PowerMax OS 5978 5978 Request OPT 583679 for Foxtail SR and Hickory SR
 
Notes:
  • CVE-2020-5367 was not fully addressed in the Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17.
  • DSA-2021-134 addresses the improper certificate validation vulnerability in the Dell EMC Unisphere for PowerMax version 9.1.0.27(CVE-2021-21548).
  • Dell EMC highly recommends all users upgrade Dell EMC Unisphere for PowerMax to version 9.1.0.27 at their earliest opportunity.

Acknowledgements

CVE-2021-21548: Dell would like to thank Thorsten Tüllmann for reporting the Unisphere for PowerMax certificate validation issue.
 

Revision History

RevisionDateDescription
1.02021-07-22Initial release: Q2 2021 Security Release for PowerMax Foxtail SR and Hickory SR releases.
2.02021-10-04 Version update and Note in CVE Description added. Affected Products and Remediation updated with details concerning, Note: CVE-2021-21548 addresses incomplete fix for CVE-2020-5367
 

Related Information


Article Properties


Affected Product

PowerMax, PowerMax 2000, PowerMax 8000, Product Security Information, Solutions Enabler, Solutions Enabler Series, Unisphere for PowerMax

Last Published Date

04 Oct 2021

Version

2

Article Type

Dell Security Advisory