
Article Number: 000194640


DSA-2021-226: Dell EMC Unisphere for PowerMax, Dell EMC Unisphere for PowerMax vApp, Dell EMC Solutions Enabler vApp, Dell EMC Unisphere 360, Dell EMC VASA, and Dell EMC PowerMax EMB Mgmt Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell EMC Unisphere for PowerMax, Dell EMC Unisphere for PowerMax Virtual Appliance, Dell EMC Solutions Enabler Virtual Appliance, Dell EMC Unisphere 360, Dell EMC VASA, and Dell EMC

Article Content


Impact

Critical

Details

Proprietary Code CVEs

CVE-2021-36338
Description: Unisphere for PowerMax versions before 9.2.2.2 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.
CVSS Base Score: 6.3
CVSS Vector String: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

CVE-2021-36339
Description: The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.
CVSS Base Score: 7.8
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
 
Third-party Component CVEs

Component: SLES 12 SP5
CVEs: See SUSE Update Advisories.
More information: See https://www.suse.com/support/update/ for more information on the following SUSE Update Advisories.

SUSE-SU-2021:3290-1
SUSE-SU-2021:3289-1
SUSE-SU-2021:3251-1
SUSE-SU-2021:3215-1
SUSE-SU-2021:3214-1
SUSE-SU-2021:3206-1
SUSE-SU-2021:3180-1
SUSE-SU-2021:3144-1
SUSE-SU-2021:3121-1
SUSE-SU-2021:2995-1
SUSE-SU-2021:2930-1
SUSE-SU-2021:2917-1
SUSE-SU-2021:2876-1
SUSE-SU-2021:2813-1
SUSE-SU-2021:2808-1
SUSE-SU-2021:2615-1
SUSE-SU-2021:2590-1
SUSE-SU-2021:2462-1
SUSE-SU-2021:2451-1
SUSE-SU-2021:2424-1
SUSE-SU-2021:2423-1
SUSE-SU-2021:2405-1
SUSE-SU-2021:2236-1
SUSE-SU-2021:1957-1
SUSE-SU-2021:1952-1
SUSE-SU-2021:1646-1
SUSE-SU-2021:1621-1
SUSE-SU-2021:1494-1
SUSE-SU-2021:1468-1
SUSE-SU-2021:1453-1
SUSE-SU-2021:1438-1
SUSE-SU-2021:0693-1
SUSE-SU-2020:0920-2
 
Component: Oracle
CVEs:
CVE-2021-35603
CVE-2021-35588
CVE-2021-35586
CVE-2021-35578
CVE-2021-35567
CVE-2021-35565
CVE-2021-35564
CVE-2021-35561
CVE-2021-35560
CVE-2021-35559
CVE-2021-35556
CVE-2021-35550
CVE-2021-3522
CVE-2021-3517
CVE-2021-27290
More information: See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Component: Windows 10
CVEs:
CVE-2021-41347
CVE-2021-41345
CVE-2021-41343
CVE-2021-41342
CVE-2021-41340
CVE-2021-41338
CVE-2021-41335
CVE-2021-41332
CVE-2021-41331
CVE-2021-41330
CVE-2021-40489
CVE-2021-40488
CVE-2021-40478
CVE-2021-40477
CVE-2021-40476
CVE-2021-40475
CVE-2021-40470
CVE-2021-40467
CVE-2021-40466
CVE-2021-40465
CVE-2021-40464
CVE-2021-40463
CVE-2021-40462
CVE-2021-40460
CVE-2021-40455
CVE-2021-40454
CVE-2021-40450
CVE-2021-40449
CVE-2021-40447
CVE-2021-40444
CVE-2021-40443
CVE-2021-38671
CVE-2021-38667
CVE-2021-38663
CVE-2021-38662
CVE-2021-38639
CVE-2021-38638
CVE-2021-38637
CVE-2021-38636
CVE-2021-38635
CVE-2021-38634
CVE-2021-38633
CVE-2021-38632
CVE-2021-38630
CVE-2021-38629
CVE-2021-38628
CVE-2021-38624
CVE-2021-36975
CVE-2021-36974
CVE-2021-36973
CVE-2021-36972
CVE-2021-36970
CVE-2021-36969
CVE-2021-36967
CVE-2021-36966
CVE-2021-36965
CVE-2021-36964
CVE-2021-36963
CVE-2021-36962
CVE-2021-36961
CVE-2021-36960
CVE-2021-36959
CVE-2021-36958
CVE-2021-36955
CVE-2021-36954
CVE-2021-36953
CVE-2021-36948
CVE-2021-36947
CVE-2021-36938
CVE-2021-36937
CVE-2021-36936
CVE-2021-36933
CVE-2021-36932
CVE-2021-36926
CVE-2021-34537
CVE-2021-34536
CVE-2021-34535
CVE-2021-34534
CVE-2021-34533
CVE-2021-34530
CVE-2021-34487
CVE-2021-34486
CVE-2021-34484
CVE-2021-34483
CVE-2021-34480
CVE-2021-26442
CVE-2021-26441
CVE-2021-26435
CVE-2021-26433
CVE-2021-26432
CVE-2021-26426
CVE-2021-26425
CVE-2021-26424
More information: See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product: Unisphere for PowerMax
Affected Versions: Versions before 9.1.0.31
Updated Versions: 9.1.0.31; EEM: 9.1.0.860
Link to Update: https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers

Product: Unisphere for PowerMax Virtual Appliance
Affected Versions: Versions before 9.1.0.31
Updated Versions: 9.1.0.31; EEM: 9.1.0.860
Link to Update: https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers

Product: Unisphere for PowerMax
Affected Versions: Versions before 9.2.3.4
Updated Versions: 9.2.3.4; EEM: 9.2.3.10
Link to Update: https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers

Product: Unisphere for PowerMax Virtual Appliance
Affected Versions: Versions before 9.2.3.4
Updated Versions: 9.2.3.4; EEM: 9.2.3.10
Link to Update: https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers

Product: Unisphere 360
Affected Versions: Versions before 9.1.0.29
Updated Versions: 9.1.0.29
Link to Update: https://www.dell.com/support/home/product-support/product/unisphere-360/drivers

Product: Unisphere 360
Affected Versions: Versions before 9.2.3.3
Updated Versions: 9.2.3.3
Link to Update: https://www.dell.com/support/home/product-support/product/unisphere-360/drivers

Product: Solutions Enabler
Affected Versions: Versions before 9.1.0.18
Updated Versions: 9.1.0.18; EEM: 9.1.0.860
Link to Update: https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers

Product: Solutions Enabler Virtual Appliance
Affected Versions: Versions before 9.1.0.18
Updated Versions: 9.1.0.18; EEM: 9.1.0.860
Link to Update: https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers

Product: Solutions Enabler
Affected Versions: Versions before 9.2.3.0
Updated Versions: 9.2.3.0; EEM: 9.2.3.10
Link to Update: https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers

Product: Solutions Enabler Virtual Appliance
Affected Versions: Versions before 9.2.3.0
Updated Versions: 9.2.3.0; EEM: 9.2.3.10
Link to Update: https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers

Product: VASA
Affected Versions: Versions before 9.1.0.723
Updated Versions: 9.1.0.723
Link to Update: https://www.dell.com/support/home/product-support/product/vasa-provider/drivers

Product: VASA
Affected Versions: Versions before 9.2.3.0
Updated Versions: 9.2.3.0
Link to Update: https://www.dell.com/support/home/product-support/product/vasa-provider/drivers

Product: PowerMax OS
Affected Versions: 5978
Updated Versions: 5978
Link to Update: Request OPT 593570 for Foxtail SR and Hickory SR.
 
 
Acknowledgements

CVE-2021-36338: Dell Technologies would like to thank Mateusz Dąbrowski for reporting this issue.

CVE-2021-36339: Dell Technologies would like to thank Thorsten Tüllmann for reporting this issue.

Revision History

Revision: 1.0
Date: 2021-12-19
Description: PowerMax Q4 2021 Quarterly Security Update

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


The information in this Dell Technologies Security Advisory should be read and used to assist in avoiding situations that may arise from the problems described herein. Dell Technologies distributes Security Advisories to bring important security information to the attention of users of the affected product(s). Dell Technologies assesses the risk based on an average of risks across a diverse set of installed systems and may not represent the actual risk to your local installation and individual environment. It is recommended that all users determine the applicability of this information to their individual environments and take appropriate actions. The information set forth herein is provided "as is" without warranty of any kind. Dell Technologies expressly disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Dell Technologies, its affiliates or suppliers, be liable for any damages whatsoever arising from or related to the information contained herein or actions that you decide to take based thereon, including any direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell Technologies, its affiliates or suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation shall apply to the extent permissible under law.

Article Properties


Affected Product

PowerMax, PowerMax, PowerMaxOS 5978, Product Security Information, Solutions Enabler, Solutions Enabler Series, Unisphere 360, Unisphere for PowerMax, VASA Provider

Last Published Date

20 Dec 2021

Version

1

Article Type

Dell Security Advisory
