Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000194091


DSA-2021-253: Dell EMC PowerFlex Rack Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell EMC PowerFlex rack remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

Component CVEs More information
vCenter Server CVE-2021-21991 VMSA-2021-0020
CVE-2021-21992
CVE-2021-21993
CVE-2021-22005
CVE-2021-22006
CVE-2021-22007
CVE-2021-22008
CVE-2021-22009
CVE-2021-22010
CVE-2021-22011
CVE-2021-22012
CVE-2021-22013
CVE-2021-22014
CVE-2021-22015
CVE-2021-22016
CVE-2021-22017
CVE-2021-22019
CVE-2021-22020
Dell Server BIOS Firmware CVE-2019-14553 KB article 191303: DSA-2021-176: Dell PowerEdge Server BIOS EDK II Vulnerability.
Cisco Switches CVE-2021-34714 cisco-sa-ios-nxos-xr-udld-dos-W5hGHgtQ
CVE-2021-1590 cisco-sa-nxos-login-blockfor-RwjGVEcu
CVE-2021-1588 cisco-sa-nxos-mpls-oam-dos-sGO9x5GM
CVE-2021-1587 cisco-sa-nxos-ngoam-dos-LTDb9Hv
CVE-2019-1858 cisco-sa-20190515-nxos-snmp-dos
CVE-2019-1735 cisco-sa-20190515-nxos-cmdinj-1735
CVE-2019-1728 cisco-sa-20190515-nxos-conf-bypass
CVE-2019-1727 cisco-sa-20190515-nxos-pyth-escal
CVE-2019-1726 cisco-sa-20190515-nxos-cli-bypass
PowerFlex Manager CVE-2021-36345  
CVE-2004-2761
Component CVEs More information
vCenter Server CVE-2021-21991 VMSA-2021-0020
CVE-2021-21992
CVE-2021-21993
CVE-2021-22005
CVE-2021-22006
CVE-2021-22007
CVE-2021-22008
CVE-2021-22009
CVE-2021-22010
CVE-2021-22011
CVE-2021-22012
CVE-2021-22013
CVE-2021-22014
CVE-2021-22015
CVE-2021-22016
CVE-2021-22017
CVE-2021-22019
CVE-2021-22020
Dell Server BIOS Firmware CVE-2019-14553 KB article 191303: DSA-2021-176: Dell PowerEdge Server BIOS EDK II Vulnerability.
Cisco Switches CVE-2021-34714 cisco-sa-ios-nxos-xr-udld-dos-W5hGHgtQ
CVE-2021-1590 cisco-sa-nxos-login-blockfor-RwjGVEcu
CVE-2021-1588 cisco-sa-nxos-mpls-oam-dos-sGO9x5GM
CVE-2021-1587 cisco-sa-nxos-ngoam-dos-LTDb9Hv
CVE-2019-1858 cisco-sa-20190515-nxos-snmp-dos
CVE-2019-1735 cisco-sa-20190515-nxos-cmdinj-1735
CVE-2019-1728 cisco-sa-20190515-nxos-conf-bypass
CVE-2019-1727 cisco-sa-20190515-nxos-pyth-escal
CVE-2019-1726 cisco-sa-20190515-nxos-cli-bypass
PowerFlex Manager CVE-2021-36345  
CVE-2004-2761

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed Product Affected Versions Updated Versions Fix package included in RCM
CVE-2021-21991 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 6.5 U3q (6.5.0.37000) 2021-09-21 18499837
CVE-2021-21992 Versions before 3.4.6.0 3.4.6.0 6.5 U3q Build number (18499837)
CVE-2021-21993 Versions before 3.5.6.0 3.5.6.0 6.7 Update 3o (6.7.0.50000)18485166 18485185
CVE-2021-22005
CVE-2021-22006
CVE-2021-22007
CVE-2021-22008
CVE-2021-22009
CVE-2021-22010
CVE-2021-22011
CVE-2021-22012
CVE-2021-22013
CVE-2021-22014
CVE-2021-22015
CVE-2021-22016
CVE-2021-22017
CVE-2021-22019
CVE-2021-22020
CVE-2019-14553  PowerFlex rack Versions before 3.3.11.0 3.3.11.0 BIOS Firmware 14G 2.12.2
Versions before 3.4.6.0 3.4.6.0 BIOS Firmware 14G 2.12.2
Versions before 3.5.6.0 3.5.6.0 BIOS Firmware 14G 2.12.2
CVE-2021-34714 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 Cisco Nexus OS 9.3(8)
CVE-2021-1590 Versions before 3.4.6.0 3.4.6.0 Cisco Nexus OS 9.3(8)
CVE-2021-1588 Versions before 3.5.6.0 3.5.6.0 Cisco Nexus OS 9.3(8)
CVE-2021-1587
CVE-2019-1858
CVE-2019-1735
CVE-2019-1728
CVE-2019-1727
CVE-2019-1726
CVE-2021-36345 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.4.6.0 3.4.6.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.5.6.0 3.5.6.0 PowerFlex Manager Version 3.8.0, Build 8173
CVE-2004-2761 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.4.6.0 3.4.6.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.5.6.0 3.5.6.0 PowerFlex Manager Version 3.8.0, Build 8173

Links to update:
For RCM release information: https://cicodeportal.dell.com/#/home
For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVEs Addressed Product Affected Versions Updated Versions Fix package included in RCM
CVE-2021-21991 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 6.5 U3q (6.5.0.37000) 2021-09-21 18499837
CVE-2021-21992 Versions before 3.4.6.0 3.4.6.0 6.5 U3q Build number (18499837)
CVE-2021-21993 Versions before 3.5.6.0 3.5.6.0 6.7 Update 3o (6.7.0.50000)18485166 18485185
CVE-2021-22005
CVE-2021-22006
CVE-2021-22007
CVE-2021-22008
CVE-2021-22009
CVE-2021-22010
CVE-2021-22011
CVE-2021-22012
CVE-2021-22013
CVE-2021-22014
CVE-2021-22015
CVE-2021-22016
CVE-2021-22017
CVE-2021-22019
CVE-2021-22020
CVE-2019-14553  PowerFlex rack Versions before 3.3.11.0 3.3.11.0 BIOS Firmware 14G 2.12.2
Versions before 3.4.6.0 3.4.6.0 BIOS Firmware 14G 2.12.2
Versions before 3.5.6.0 3.5.6.0 BIOS Firmware 14G 2.12.2
CVE-2021-34714 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 Cisco Nexus OS 9.3(8)
CVE-2021-1590 Versions before 3.4.6.0 3.4.6.0 Cisco Nexus OS 9.3(8)
CVE-2021-1588 Versions before 3.5.6.0 3.5.6.0 Cisco Nexus OS 9.3(8)
CVE-2021-1587
CVE-2019-1858
CVE-2019-1735
CVE-2019-1728
CVE-2019-1727
CVE-2019-1726
CVE-2021-36345 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.4.6.0 3.4.6.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.5.6.0 3.5.6.0 PowerFlex Manager Version 3.8.0, Build 8173
CVE-2004-2761 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.4.6.0 3.4.6.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.5.6.0 3.5.6.0 PowerFlex Manager Version 3.8.0, Build 8173

Links to update:
For RCM release information: https://cicodeportal.dell.com/#/home
For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
Revision History

RevisionDateDescription
1.02021-12-03Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


The information in this Dell Technologies Security Advisory should be read and used to assist in avoiding situations that may arise from the problems described herein. Dell Technologies distributes Security Advisories to bring important security information to the attention of users of the affected product(s). Dell Technologies assesses the risk based on an average of risks across a diverse set of installed systems and may not represent the actual risk to your local installation and individual environment. It is recommended that all users determine the applicability of this information to their individual environments and take appropriate actions. The information set forth herein is provided "as is" without warranty of any kind. Dell Technologies expressly disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Dell Technologies, its affiliates or suppliers, be liable for any damages whatsoever arising from or related to the information contained herein or actions that you decide to take based thereon, including any direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell Technologies, its affiliates or suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation shall apply to the extent permissible under law.

Article Properties


Affected Product

PowerFlex rack, Product Security Information, PowerFlex Software, PowerFlex rack

Last Published Date

03 Dec 2021

Version

1

Article Type

Dell Security Advisory

Rate This Article


Accurate
Useful
Easy to Understand
Was this article helpful?

0/3000 characters