Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

DSA-2021-226: Dell EMC Unisphere for PowerMax, Dell EMC Unisphere for PowerMax vApp, Dell EMC Solutions Enabler vApp, Dell EMC Unisphere 360, Dell EMC VASA, and Dell EMC PowerMax EMB Mgmt Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell EMC Unisphere for PowerMax, Dell EMC Unisphere for PowerMax Virtual Appliance, Dell EMC Solutions Enabler Virtual Appliance, Dell EMC Unisphere 360, Dell EMC VASA, and Dell EMC PowerMax Embedded Management contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

This article applies to   This article does not apply to 

Impact

Critical

Details

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-36338 Unisphere for PowerMax versions before 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
CVE-2021-36339 The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts.  A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
 
Third-party Component CVEs More information
SLES 12 SP5 See SUSE Update Advisories. See https://www.suse.com/support/update/ for more information on the following SUSE Update Advisories.

SUSE-SU-2021:3290-1
SUSE-SU-2021:3289-1
SUSE-SU-2021:3251-1
SUSE-SU-2021:3215-1
SUSE-SU-2021:3214-1
SUSE-SU-2021:3206-1
SUSE-SU-2021:3180-1
SUSE-SU-2021:3144-1
SUSE-SU-2021:3121-1
SUSE-SU-2021:2995-1
SUSE-SU-2021:2930-1
SUSE-SU-2021:2930-1
SUSE-SU-2021:2917-1
SUSE-SU-2021:2876-1
SUSE-SU-2021:2813-1
SUSE-SU-2021:2808-1
SUSE-SU-2021:2808-1
SUSE-SU-2021:2615-1
SUSE-SU-2021:2590-1
SUSE-SU-2021:2462-1
SUSE-SU-2021:2451-1
SUSE-SU-2021:2424-1
SUSE-SU-2021:2423-1
SUSE-SU-2021:2405-1
SUSE-SU-2021:2236-1
SUSE-SU-2021:1957-1
SUSE-SU-2021:1952-1
SUSE-SU-2021:1646-1
SUSE-SU-2021:1621-1
SUSE-SU-2021:1494-1
SUSE-SU-2021:1468-1
SUSE-SU-2021:1453-1
SUSE-SU-2021:1438-1
SUSE-SU-2021:0693-1
SUSE-SU-2020:0920-2
 
Oracle CVE-2021-35603
CVE-2021-35588
CVE-2021-35586
CVE-2021-35578
CVE-2021-35567
CVE-2021-35565
CVE-2021-35564
CVE-2021-35561
CVE-2021-35560
CVE-2021-35559
CVE-2021-35556
CVE-2021-35550
CVE-2021-3522
CVE-2021-3517
CVE-2021-27290
See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Windows 10 CVE-2021-41347
CVE-2021-41345
CVE-2021-41343
CVE-2021-41342
CVE-2021-41340
CVE-2021-41338
CVE-2021-41335
CVE-2021-41332
CVE-2021-41331
CVE-2021-41330
CVE-2021-40489
CVE-2021-40488
CVE-2021-40478
CVE-2021-40477
CVE-2021-40476
CVE-2021-40475
CVE-2021-40470
CVE-2021-40467
CVE-2021-40466
CVE-2021-40465
CVE-2021-40464
CVE-2021-40463
CVE-2021-40462
CVE-2021-40460
CVE-2021-40455
CVE-2021-40454
CVE-2021-40450
CVE-2021-40449
CVE-2021-40447
CVE-2021-40444
CVE-2021-40443
CVE-2021-38671
CVE-2021-38667
CVE-2021-38663
CVE-2021-38662
CVE-2021-38639
CVE-2021-38638
CVE-2021-38637
CVE-2021-38636
CVE-2021-38635
CVE-2021-38634
CVE-2021-38633
CVE-2021-38632
CVE-2021-38630
CVE-2021-38629
CVE-2021-38628
CVE-2021-38624
CVE-2021-36975
CVE-2021-36974
CVE-2021-36973
CVE-2021-36972
CVE-2021-36970
CVE-2021-36969
CVE-2021-36967
CVE-2021-36966
CVE-2021-36965
CVE-2021-36964
CVE-2021-36963
CVE-2021-36962
CVE-2021-36961
CVE-2021-36960
CVE-2021-36959
CVE-2021-36958
CVE-2021-36955
CVE-2021-36954
CVE-2021-36953
CVE-2021-36948
CVE-2021-36947
CVE-2021-36938
CVE-2021-36937
CVE-2021-36936
CVE-2021-36933
CVE-2021-36932
CVE-2021-36926
CVE-2021-34537
CVE-2021-34536
CVE-2021-34535
CVE-2021-34534
CVE-2021-34533
CVE-2021-34530
CVE-2021-34487
CVE-2021-34486
CVE-2021-34484
CVE-2021-34483
CVE-2021-34480
CVE-2021-26442
CVE-2021-26441
CVE-2021-26435
CVE-2021-26433
CVE-2021-26432
CVE-2021-26426
CVE-2021-26425
CVE-2021-26424
See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-36338 Unisphere for PowerMax versions before 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
CVE-2021-36339 The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts.  A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
 
Third-party Component CVEs More information
SLES 12 SP5 See SUSE Update Advisories. See https://www.suse.com/support/update/ for more information on the following SUSE Update Advisories.

SUSE-SU-2021:3290-1
SUSE-SU-2021:3289-1
SUSE-SU-2021:3251-1
SUSE-SU-2021:3215-1
SUSE-SU-2021:3214-1
SUSE-SU-2021:3206-1
SUSE-SU-2021:3180-1
SUSE-SU-2021:3144-1
SUSE-SU-2021:3121-1
SUSE-SU-2021:2995-1
SUSE-SU-2021:2930-1
SUSE-SU-2021:2930-1
SUSE-SU-2021:2917-1
SUSE-SU-2021:2876-1
SUSE-SU-2021:2813-1
SUSE-SU-2021:2808-1
SUSE-SU-2021:2808-1
SUSE-SU-2021:2615-1
SUSE-SU-2021:2590-1
SUSE-SU-2021:2462-1
SUSE-SU-2021:2451-1
SUSE-SU-2021:2424-1
SUSE-SU-2021:2423-1
SUSE-SU-2021:2405-1
SUSE-SU-2021:2236-1
SUSE-SU-2021:1957-1
SUSE-SU-2021:1952-1
SUSE-SU-2021:1646-1
SUSE-SU-2021:1621-1
SUSE-SU-2021:1494-1
SUSE-SU-2021:1468-1
SUSE-SU-2021:1453-1
SUSE-SU-2021:1438-1
SUSE-SU-2021:0693-1
SUSE-SU-2020:0920-2
 
Oracle CVE-2021-35603
CVE-2021-35588
CVE-2021-35586
CVE-2021-35578
CVE-2021-35567
CVE-2021-35565
CVE-2021-35564
CVE-2021-35561
CVE-2021-35560
CVE-2021-35559
CVE-2021-35556
CVE-2021-35550
CVE-2021-3522
CVE-2021-3517
CVE-2021-27290
See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Windows 10 CVE-2021-41347
CVE-2021-41345
CVE-2021-41343
CVE-2021-41342
CVE-2021-41340
CVE-2021-41338
CVE-2021-41335
CVE-2021-41332
CVE-2021-41331
CVE-2021-41330
CVE-2021-40489
CVE-2021-40488
CVE-2021-40478
CVE-2021-40477
CVE-2021-40476
CVE-2021-40475
CVE-2021-40470
CVE-2021-40467
CVE-2021-40466
CVE-2021-40465
CVE-2021-40464
CVE-2021-40463
CVE-2021-40462
CVE-2021-40460
CVE-2021-40455
CVE-2021-40454
CVE-2021-40450
CVE-2021-40449
CVE-2021-40447
CVE-2021-40444
CVE-2021-40443
CVE-2021-38671
CVE-2021-38667
CVE-2021-38663
CVE-2021-38662
CVE-2021-38639
CVE-2021-38638
CVE-2021-38637
CVE-2021-38636
CVE-2021-38635
CVE-2021-38634
CVE-2021-38633
CVE-2021-38632
CVE-2021-38630
CVE-2021-38629
CVE-2021-38628
CVE-2021-38624
CVE-2021-36975
CVE-2021-36974
CVE-2021-36973
CVE-2021-36972
CVE-2021-36970
CVE-2021-36969
CVE-2021-36967
CVE-2021-36966
CVE-2021-36965
CVE-2021-36964
CVE-2021-36963
CVE-2021-36962
CVE-2021-36961
CVE-2021-36960
CVE-2021-36959
CVE-2021-36958
CVE-2021-36955
CVE-2021-36954
CVE-2021-36953
CVE-2021-36948
CVE-2021-36947
CVE-2021-36938
CVE-2021-36937
CVE-2021-36936
CVE-2021-36933
CVE-2021-36932
CVE-2021-36926
CVE-2021-34537
CVE-2021-34536
CVE-2021-34535
CVE-2021-34534
CVE-2021-34533
CVE-2021-34530
CVE-2021-34487
CVE-2021-34486
CVE-2021-34484
CVE-2021-34483
CVE-2021-34480
CVE-2021-26442
CVE-2021-26441
CVE-2021-26435
CVE-2021-26433
CVE-2021-26432
CVE-2021-26426
CVE-2021-26425
CVE-2021-26424
See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Versions Updated Versions Link to Update
Unisphere for PowerMax Versions before 9.1.0.31 9.1.0.31

EEM: 9.1.0.860
https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere for PowerMax Virtual Appliance Versions before 9.1.0.31 9.1.0.31

EEM: 9.1.0.860
https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere for PowerMax Versions before 9.2.3.4 9.2.3.4

EEM: 9.2.3.10
https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere for PowerMax Virtual Appliance Versions before 9.2.3.4 9.2.3.4

EEM: 9.2.3.10
https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere 360 Versions before 9.1.0.29 9.1.0.29 https://www.dell.com/support/home/product-support/product/unisphere-360/drivers
Unisphere 360 Versions before 9.2.3.3 9.2.3.3 https://www.dell.com/support/home/product-support/product/unisphere-360/drivers
Solutions Enabler Versions before 9.1.0.18 9.1.0.18

EEM: 9.1.0.860
https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
Solutions Enabler Virtual Appliance Versions before 9.1.0.18 9.1.0.18

EEM: 9.1.0.860
https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
Solutions Enabler Versions before 9.2.3.0 9.2.3.0

EEM: 9.2.3.10
https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
Solutions Enabler Virtual Appliance Versions before 9.2.3.0 9.2.3.0

EEM: 9.2.3.10
https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
VASA Versions before 9.1.0.723 9.1.0.723 https://www.dell.com/support/home/product-support/product/vasa-provider/drivers
VASA Versions before 9.2.3.0 9.2.3.0 https://www.dell.com/support/home/product-support/product/vasa-provider/drivers
PowerMax OS 5978 5978 Request OPT 593570 for Foxtail SR and Hickory SR.
 
Product Affected Versions Updated Versions Link to Update
Unisphere for PowerMax Versions before 9.1.0.31 9.1.0.31

EEM: 9.1.0.860
https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere for PowerMax Virtual Appliance Versions before 9.1.0.31 9.1.0.31

EEM: 9.1.0.860
https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere for PowerMax Versions before 9.2.3.4 9.2.3.4

EEM: 9.2.3.10
https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere for PowerMax Virtual Appliance Versions before 9.2.3.4 9.2.3.4

EEM: 9.2.3.10
https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers
Unisphere 360 Versions before 9.1.0.29 9.1.0.29 https://www.dell.com/support/home/product-support/product/unisphere-360/drivers
Unisphere 360 Versions before 9.2.3.3 9.2.3.3 https://www.dell.com/support/home/product-support/product/unisphere-360/drivers
Solutions Enabler Versions before 9.1.0.18 9.1.0.18

EEM: 9.1.0.860
https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
Solutions Enabler Virtual Appliance Versions before 9.1.0.18 9.1.0.18

EEM: 9.1.0.860
https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
Solutions Enabler Versions before 9.2.3.0 9.2.3.0

EEM: 9.2.3.10
https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
Solutions Enabler Virtual Appliance Versions before 9.2.3.0 9.2.3.0

EEM: 9.2.3.10
https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers
VASA Versions before 9.1.0.723 9.1.0.723 https://www.dell.com/support/home/product-support/product/vasa-provider/drivers
VASA Versions before 9.2.3.0 9.2.3.0 https://www.dell.com/support/home/product-support/product/vasa-provider/drivers
PowerMax OS 5978 5978 Request OPT 593570 for Foxtail SR and Hickory SR.
 

Revision History

RevisionDateDescription
1.02021-12-19PowerMax Q4 2021 Quarterly Security Update

Acknowledgements

CVE-2021-36338: Dell Technologies would like to thank Mateusz Dąbrowski for reporting this issue.

CVE-2021-36339: Dell Technologies would like to thank Thorsten Tüllmann for reporting this issue.

Related Information

Affected Products

PowerMax, PowerMax, PowerMaxOS 5978, Product Security Information, Solutions Enabler, Solutions Enabler Series, Unisphere 360, Unisphere for PowerMax, VASA Provider
Article Properties
Article Number: 000194640
Article Type: Dell Security Advisory
Last Modified: 20 Dec 2021
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.