Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000190876


DSA-2021-162: Dell EMC ECS Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell EMC ECS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

Third-Party Component CVE(s) More information
Netty CVE-2019-20444 NVD - CVE-2019-20444
CVE-2019-20445 NVD - CVE-2019-20445
CVE-2020-11612 NVD - CVE-2020-11612
CVE-2020-7238 NVD - CVE-2020-7238
Square Retrofit CVE-2018-1000850 NVD - CVE-2018-1000850
Linux Kernel CVE-2020-29368 NVD - CVE-2020-29368
CVE-2020-29661 NVD - CVE-2020-29661
CVE-2020-35519 NVD - CVE-2020-35519
CVE-2021-23133 NVD - CVE-2021-23133
CVE-2021-23134 NVD - CVE-2021-23134
CVE-2021-27364 NVD - CVE-2021-27364
CVE-2021-27365 NVD - CVE-2021-27365
CVE-2021-28660 NVD - CVE-2021-28660
CVE-2021-29154 NVD - CVE-2021-29154
CVE-2021-32399 NVD - CVE-2021-32399
CVE-2021-33034 NVD - CVE-2021-33034
CVE-2021-33200 NVD - CVE-2021-33200
CVE-2021-3347 NVD - CVE-2021-3347
CVE-2021-3444 NVD - CVE-2021-3444
GNU C Library CVE-2020-29573 NVD - CVE-2020-29573
JSON Smart CVE-2021-27568 NVD - CVE-2021-27568
XStream CVE-2019-10173 NVD - CVE-2019-10173
CVE-2021-21341 NVD - CVE-2021-21341
CVE-2021-21342 NVD - CVE-2021-21342
CVE-2021-21343 NVD - CVE-2021-21343
CVE-2021-21344 NVD - CVE-2021-21344
CVE-2021-21345 NVD - CVE-2021-21345
CVE-2021-21346 NVD - CVE-2021-21346
CVE-2021-21347 NVD - CVE-2021-21347
CVE-2021-21348 NVD - CVE-2021-21348
CVE-2021-21349 NVD - CVE-2021-21349
CVE-2021-21350 NVD - CVE-2021-21350
CVE-2021-21351 NVD - CVE-2021-21351
CVE-2021-29505 NVD - CVE-2021-29505
GRUB2 CVE-2020-14372 NVD - CVE-2020-14372
CVE-2020-25632 NVD - CVE-2020-25632
CVE-2020-25647 NVD - CVE-2020-25647
CVE-2020-27779 NVD - CVE-2020-27779
CVE-2021-20233 NVD - CVE-2021-20233
libX11 CVE-2021-31535 NVD - CVE-2021-31535
Nettle CVE-2021-20305 NVD - CVE-2021-20305
Python 3 CVE-2020-27619 NVD - CVE-2020-27619
Jasper Runtime CVE-2020-27828 NVD - CVE-2020-27828
Sudo CVE-2021-3156 NVD - CVE-2021-3156
Third-Party Component CVE(s) More information
Netty CVE-2019-20444 NVD - CVE-2019-20444
CVE-2019-20445 NVD - CVE-2019-20445
CVE-2020-11612 NVD - CVE-2020-11612
CVE-2020-7238 NVD - CVE-2020-7238
Square Retrofit CVE-2018-1000850 NVD - CVE-2018-1000850
Linux Kernel CVE-2020-29368 NVD - CVE-2020-29368
CVE-2020-29661 NVD - CVE-2020-29661
CVE-2020-35519 NVD - CVE-2020-35519
CVE-2021-23133 NVD - CVE-2021-23133
CVE-2021-23134 NVD - CVE-2021-23134
CVE-2021-27364 NVD - CVE-2021-27364
CVE-2021-27365 NVD - CVE-2021-27365
CVE-2021-28660 NVD - CVE-2021-28660
CVE-2021-29154 NVD - CVE-2021-29154
CVE-2021-32399 NVD - CVE-2021-32399
CVE-2021-33034 NVD - CVE-2021-33034
CVE-2021-33200 NVD - CVE-2021-33200
CVE-2021-3347 NVD - CVE-2021-3347
CVE-2021-3444 NVD - CVE-2021-3444
GNU C Library CVE-2020-29573 NVD - CVE-2020-29573
JSON Smart CVE-2021-27568 NVD - CVE-2021-27568
XStream CVE-2019-10173 NVD - CVE-2019-10173
CVE-2021-21341 NVD - CVE-2021-21341
CVE-2021-21342 NVD - CVE-2021-21342
CVE-2021-21343 NVD - CVE-2021-21343
CVE-2021-21344 NVD - CVE-2021-21344
CVE-2021-21345 NVD - CVE-2021-21345
CVE-2021-21346 NVD - CVE-2021-21346
CVE-2021-21347 NVD - CVE-2021-21347
CVE-2021-21348 NVD - CVE-2021-21348
CVE-2021-21349 NVD - CVE-2021-21349
CVE-2021-21350 NVD - CVE-2021-21350
CVE-2021-21351 NVD - CVE-2021-21351
CVE-2021-29505 NVD - CVE-2021-29505
GRUB2 CVE-2020-14372 NVD - CVE-2020-14372
CVE-2020-25632 NVD - CVE-2020-25632
CVE-2020-25647 NVD - CVE-2020-25647
CVE-2020-27779 NVD - CVE-2020-27779
CVE-2021-20233 NVD - CVE-2021-20233
libX11 CVE-2021-31535 NVD - CVE-2021-31535
Nettle CVE-2021-20305 NVD - CVE-2021-20305
Python 3 CVE-2020-27619 NVD - CVE-2020-27619
Jasper Runtime CVE-2020-27828 NVD - CVE-2020-27828
Sudo CVE-2021-3156 NVD - CVE-2021-3156

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVE(s) Addressed Product Affected Version(s) Updated Version(s) Link to Update
CVE-2019-20444 Dell EMC ECS All versions < 3.6.2.0 3.6.2.0 Link to update

 
CVE-2019-20445
CVE-2020-11612
CVE-2020-7238
CVE-2018-1000850
CVE-2020-29368
CVE-2020-29661
CVE-2020-35519
CVE-2021-23133
CVE-2021-23134
CVE-2021-27364
CVE-2021-27365
CVE-2021-28660
CVE-2021-29154
CVE-2021-32399
CVE-2021-33034
CVE-2021-33200
CVE-2021-3347
CVE-2021-3444
CVE-2020-29573
CVE-2021-27568
CVE-2019-10173
CVE-2021-21341
CVE-2021-21342
CVE-2021-21343
CVE-2021-21344
CVE-2021-21345
CVE-2021-21346
CVE-2021-21347
CVE-2021-21348
CVE-2021-21349
CVE-2021-21350
CVE-2021-21351
CVE-2021-29505
CVE-2020-14372
CVE-2020-25632
CVE-2020-25647
CVE-2020-27779
CVE-2021-20233
CVE-2021-31535
CVE-2021-20305
CVE-2020-27619
CVE-2020-27828
CVE-2021-3156
CVE(s) Addressed Product Affected Version(s) Updated Version(s) Link to Update
CVE-2019-20444 Dell EMC ECS All versions < 3.6.2.0 3.6.2.0 Link to update

 
CVE-2019-20445
CVE-2020-11612
CVE-2020-7238
CVE-2018-1000850
CVE-2020-29368
CVE-2020-29661
CVE-2020-35519
CVE-2021-23133
CVE-2021-23134
CVE-2021-27364
CVE-2021-27365
CVE-2021-28660
CVE-2021-29154
CVE-2021-32399
CVE-2021-33034
CVE-2021-33200
CVE-2021-3347
CVE-2021-3444
CVE-2020-29573
CVE-2021-27568
CVE-2019-10173
CVE-2021-21341
CVE-2021-21342
CVE-2021-21343
CVE-2021-21344
CVE-2021-21345
CVE-2021-21346
CVE-2021-21347
CVE-2021-21348
CVE-2021-21349
CVE-2021-21350
CVE-2021-21351
CVE-2021-29505
CVE-2020-14372
CVE-2020-25632
CVE-2020-25647
CVE-2020-27779
CVE-2021-20233
CVE-2021-31535
CVE-2021-20305
CVE-2020-27619
CVE-2020-27828
CVE-2021-3156

Workarounds and Mitigations

None.

Revision History

RevisionDateDescription
1.02021-08-23Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


The information in this Dell Technologies Security Advisory should be read and used to assist in avoiding situations that may arise from the problems described herein. Dell Technologies distributes Security Advisories to bring important security information to the attention of users of the affected product(s). Dell Technologies assesses the risk based on an average of risks across a diverse set of installed systems and may not represent the actual risk to your local installation and individual environment. It is recommended that all users determine the applicability of this information to their individual environments and take appropriate actions. The information set forth herein is provided "as is" without warranty of any kind. Dell Technologies expressly disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Dell Technologies, its affiliates or suppliers, be liable for any damages whatsoever arising from or related to the information contained herein or actions that you decide to take based thereon, including any direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell Technologies, its affiliates or suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation shall apply to the extent permissible under law.

Article Properties


Affected Product

ECS, ECS Appliance, ECS Appliance Gen 2, ECS Appliance Gen 3, ECS Appliance Hardware Gen3 EX300, ECS Appliance Hardware Gen3 EX3000, ECS Appliance Hardware Gen2 C-Series, ECS Appliance Hardware Gen3 EX500, ECS Appliance Hardware Gen3 EXF900ECS, ECS Appliance, ECS Appliance Gen 2, ECS Appliance Gen 3, ECS Appliance Hardware Gen3 EX300, ECS Appliance Hardware Gen3 EX3000, ECS Appliance Hardware Gen2 C-Series, ECS Appliance Hardware Gen3 EX500, ECS Appliance Hardware Gen3 EXF900, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption, ECS SD, Product Security InformationSee more

Last Published Date

23 Aug 2021

Version

1

Article Type

Dell Security Advisory