Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000200092


DSA-2022-136: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell VxRail remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

High

Details

Third-party Component CVEs More information
VxM SUSE CVE-2015-8985 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2018-20573
CVE-2018-20574
CVE-2018-25032
CVE-2019-6285
CVE-2019-6292
CVE-2021-0920
CVE-2021-22570
CVE-2021-25220
CVE-2021-31799
CVE-2021-31810
CVE-2021-32066
CVE-2021-3778
CVE-2021-3796
CVE-2021-3872
CVE-2021-3927
CVE-2021-3928
CVE-2021-39698
CVE-2021-3984
CVE-2021-3999
CVE-2021-4019
CVE-2021-41617
CVE-2021-41817
CVE-2021-4193
CVE-2021-44879
CVE-2021-45868
CVE-2021-46059
CVE-2022-0001
CVE-2022-0002
CVE-2022-0318
CVE-2022-0319
CVE-2022-0351
CVE-2022-0361
CVE-2022-0413
CVE-2022-0435
CVE-2022-0487
CVE-2022-0492
CVE-2022-0516
CVE-2022-0617
CVE-2022-0644
CVE-2022-0778
CVE-2022-0847
CVE-2022-0850
CVE-2022-0854
CVE-2022-0934
CVE-2022-1015
CVE-2022-1016
CVE-2022-1048
CVE-2022-1055
CVE-2022-1097
CVE-2022-1271
CVE-2022-21426
CVE-2022-21434
CVE-2022-21443
CVE-2022-21476
CVE-2022-21496
CVE-2022-22934
CVE-2022-22935
CVE-2022-22936
CVE-2022-22941
CVE-2022-23036
CVE-2022-23037
CVE-2022-23038
CVE-2022-23039
CVE-2022-23040
CVE-2022-23041
CVE-2022-23042
CVE-2022-23181
CVE-2022-23218
CVE-2022-23219
CVE-2022-24407
CVE-2022-24448
CVE-2022-24958
CVE-2022-24959
CVE-2022-25235
CVE-2022-25236
CVE-2022-25258
CVE-2022-25313
CVE-2022-25314
CVE-2022-25315
CVE-2022-25375
CVE-2022-26490
CVE-2022-26966
CVE-2022-27666
CVE-2022-28388
CVE-2022-28389
CVE-2022-28390
CVE-2022-28739
Third-party Component CVEs More information
VxM SUSE CVE-2015-8985 See NVD (http://nvd.nist.gov/) for individual scores for each CVE
CVE-2018-20573
CVE-2018-20574
CVE-2018-25032
CVE-2019-6285
CVE-2019-6292
CVE-2021-0920
CVE-2021-22570
CVE-2021-25220
CVE-2021-31799
CVE-2021-31810
CVE-2021-32066
CVE-2021-3778
CVE-2021-3796
CVE-2021-3872
CVE-2021-3927
CVE-2021-3928
CVE-2021-39698
CVE-2021-3984
CVE-2021-3999
CVE-2021-4019
CVE-2021-41617
CVE-2021-41817
CVE-2021-4193
CVE-2021-44879
CVE-2021-45868
CVE-2021-46059
CVE-2022-0001
CVE-2022-0002
CVE-2022-0318
CVE-2022-0319
CVE-2022-0351
CVE-2022-0361
CVE-2022-0413
CVE-2022-0435
CVE-2022-0487
CVE-2022-0492
CVE-2022-0516
CVE-2022-0617
CVE-2022-0644
CVE-2022-0778
CVE-2022-0847
CVE-2022-0850
CVE-2022-0854
CVE-2022-0934
CVE-2022-1015
CVE-2022-1016
CVE-2022-1048
CVE-2022-1055
CVE-2022-1097
CVE-2022-1271
CVE-2022-21426
CVE-2022-21434
CVE-2022-21443
CVE-2022-21476
CVE-2022-21496
CVE-2022-22934
CVE-2022-22935
CVE-2022-22936
CVE-2022-22941
CVE-2022-23036
CVE-2022-23037
CVE-2022-23038
CVE-2022-23039
CVE-2022-23040
CVE-2022-23041
CVE-2022-23042
CVE-2022-23181
CVE-2022-23218
CVE-2022-23219
CVE-2022-24407
CVE-2022-24448
CVE-2022-24958
CVE-2022-24959
CVE-2022-25235
CVE-2022-25236
CVE-2022-25258
CVE-2022-25313
CVE-2022-25314
CVE-2022-25315
CVE-2022-25375
CVE-2022-26490
CVE-2022-26966
CVE-2022-27666
CVE-2022-28388
CVE-2022-28389
CVE-2022-28390
CVE-2022-28739

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product Affected Versions Updated Version
Dell VxRail 7.0.x versions before 7.0.371 7.0.371 (See NOTE in Workarounds and Mitigations section below.)
Product Affected Versions Updated Version
Dell VxRail 7.0.x versions before 7.0.371 7.0.371 (See NOTE in Workarounds and Mitigations section below.)

Workarounds and Mitigations

NOTE: A VMware issue, as described in VMware KB88055blocks hardening of VxRail 7.0.370 and later releases. Once the VMware ESXi STIG VIB is installed on the nodes, the SSH issue detailed by VMware appears. The workaround that is provided by VMware is not supported and VxRail is currently investigating the issue. Once a fix is implemented and tested, VxRail will release an updated STIG hardening package.

Revision History

RevisionDateDescription
1.02022-05-25Initial Release
1.12022-07-27Added NOTE regarding VMware issue

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product

VxRail, CloudArray Virtual Edition for VxRail Appliance, Product Security Information, VMWare Cloud on Dell EMC VxRail E560F, VMWare Cloud on Dell EMC VxRail E560N, VxRail 460 and 470 Nodes, VxRail Appliance Family, VxRail Appliance SeriesVxRail, CloudArray Virtual Edition for VxRail Appliance, Product Security Information, VMWare Cloud on Dell EMC VxRail E560F, VMWare Cloud on Dell EMC VxRail E560N, VxRail 460 and 470 Nodes, VxRail Appliance Family, VxRail Appliance Series, VxRail G410, VxRail G Series Nodes, VxRail D Series Nodes, VxRail D560, VxRail D560F, VxRail E Series Nodes, VxRail E460, VxRail E560, VxRail E560F, VxRail E560N, VxRail E660, VxRail E660F, VxRail E660N, VxRail E665F, VxRail E665N, VxRail G560, VxRail G560F, VxRail Gen2 Hardware, VxRail P Series Nodes, VxRail P470, VxRail P570, VxRail P570F, VxRail P580N, VXRAIL P670F, VxRail P670N, VxRail P675F, VxRail P675N, VxRail S Series Nodes, VxRail S470, VxRail S570, VxRail S670, VxRail Software, VxRail V Series Nodes, VxRail V470, VxRail V570, VxRail V570F, VXRAIL V670FSee more

Last Published Date

27 Jul 2022

Version

2

Article Type

Dell Security Advisory