DSA-2022-124: Dell PowerFlex Rack Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell PowerFlex Rack remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Critical

Details

Component CVEs More information
VMware vCenter Server CVE-2022-22948 VMware article VMSA-2022-0009 This hyperlink is taking you to a website outside of Dell Technologies.
Dell PowerEdge Server BIOS CVE-2020-12966 Dell article DSA-2021-255: Dell PowerEdge Security Update for an AMD Vulnerability
CVE-2021-0060 Dell article DSA-2022-036: PowerEdge Server Security Update for Intel February 2022 Security Advisory Release
CVE-2021-0127

 
CVE-2021-0103
CVE-2021-0114
CVE-2021-0115
CVE-2021-0116
CVE-2021-0117
CVE-2021-0118
CVE-2021-0099
CVE-2021-0111
CVE-2021-0107
CVE-2021-0125
CVE-2021-0124
CVE-2021-33068
CVE-2021-0092
CVE-2021-0156
CVE-2021-0093
CVE-2019-14584 Dell article DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities
CVE-2021-28210
CVE-2021-28211
CVE-2021-26373 Dell article DSA-2022-126: Dell PowerEdge Server Security Updates for AMD Server Vulnerabilities.
CVE-2021-26347
CVE-2021-26376
CVE-2021-26375
CVE-2021-26378
CVE-2021-26372
CVE-2021-26339
CVE-2021-26348
CVE-2021-26342
CVE-2021-26388
CVE-2021-26349
CVE-2021-26364
CVE-2021-26312
CVE-2021-26350
CVE-2020-12944 Dell article DSA-2021-227: Dell PowerEdge Server Security Update for AMD Server Vulnerabilities | Dell US
CVE-2020-12951
CVE-2020-12954
CVE-2020-12988
CVE-2021-26312
CVE-2021-26320
CVE-2021-26321
CVE-2021-26322
CVE-2021-26329
CVE-2021-26330
CVE-2020-12946
CVE-2020-12961
CVE-2021-26331
CVE-2021-26315
CVE-2021-26325
CVE-2021-26326
CVE-2021-26327
Dell iDRAC Lifecycle Controller Firmware
CVE-2022-24422 Dell article DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability
CVE-2021-3712 Dell article DSA-2021-259: Dell iDRAC Security Update for Multiple Security Vulnerabilities

 
CVE-2021-36347
CVE-2021-36348
CVE-2021-36346
ESXi CVE-2021-22045 VMware article VMSA-2022-0001 This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2021-22040 VMware article VMSA-2022-0004 This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2021-22041
CVE-2021-22050
Embedded OS CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778 This hyperlink is taking you to a website outside of Dell Technologies.
Cisco Switches CVE-2022-20624 Cisco article Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-20650 Cisco article Cisco NX-OS Software NX-API Command Injection Vulnerability This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-20625 Cisco article Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-20623 Cisco article Cisco Nexus 9000 Series Switches Bi-directional Forwarding Detection Denial of Service Vulnerability This hyperlink is taking you to a website outside of Dell Technologies.
Spring CVE-2022-22965 https://nvd.nist.gov/vuln/detail/CVE-2022-22965 This hyperlink is taking you to a website outside of Dell Technologies.
Component CVEs More information
VMware vCenter Server CVE-2022-22948 VMware article VMSA-2022-0009 This hyperlink is taking you to a website outside of Dell Technologies.
Dell PowerEdge Server BIOS CVE-2020-12966 Dell article DSA-2021-255: Dell PowerEdge Security Update for an AMD Vulnerability
CVE-2021-0060 Dell article DSA-2022-036: PowerEdge Server Security Update for Intel February 2022 Security Advisory Release
CVE-2021-0127

 
CVE-2021-0103
CVE-2021-0114
CVE-2021-0115
CVE-2021-0116
CVE-2021-0117
CVE-2021-0118
CVE-2021-0099
CVE-2021-0111
CVE-2021-0107
CVE-2021-0125
CVE-2021-0124
CVE-2021-33068
CVE-2021-0092
CVE-2021-0156
CVE-2021-0093
CVE-2019-14584 Dell article DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities
CVE-2021-28210
CVE-2021-28211
CVE-2021-26373 Dell article DSA-2022-126: Dell PowerEdge Server Security Updates for AMD Server Vulnerabilities.
CVE-2021-26347
CVE-2021-26376
CVE-2021-26375
CVE-2021-26378
CVE-2021-26372
CVE-2021-26339
CVE-2021-26348
CVE-2021-26342
CVE-2021-26388
CVE-2021-26349
CVE-2021-26364
CVE-2021-26312
CVE-2021-26350
CVE-2020-12944 Dell article DSA-2021-227: Dell PowerEdge Server Security Update for AMD Server Vulnerabilities | Dell US
CVE-2020-12951
CVE-2020-12954
CVE-2020-12988
CVE-2021-26312
CVE-2021-26320
CVE-2021-26321
CVE-2021-26322
CVE-2021-26329
CVE-2021-26330
CVE-2020-12946
CVE-2020-12961
CVE-2021-26331
CVE-2021-26315
CVE-2021-26325
CVE-2021-26326
CVE-2021-26327
Dell iDRAC Lifecycle Controller Firmware
CVE-2022-24422 Dell article DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability
CVE-2021-3712 Dell article DSA-2021-259: Dell iDRAC Security Update for Multiple Security Vulnerabilities

 
CVE-2021-36347
CVE-2021-36348
CVE-2021-36346
ESXi CVE-2021-22045 VMware article VMSA-2022-0001 This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2021-22040 VMware article VMSA-2022-0004 This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2021-22041
CVE-2021-22050
Embedded OS CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778 This hyperlink is taking you to a website outside of Dell Technologies.
Cisco Switches CVE-2022-20624 Cisco article Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-20650 Cisco article Cisco NX-OS Software NX-API Command Injection Vulnerability This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-20625 Cisco article Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-20623 Cisco article Cisco Nexus 9000 Series Switches Bi-directional Forwarding Detection Denial of Service Vulnerability This hyperlink is taking you to a website outside of Dell Technologies.
Spring CVE-2022-22965 https://nvd.nist.gov/vuln/detail/CVE-2022-22965 This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

 
CVEs Addressed Product Affected Versions Updated Versions Fix package in RCM.
CVE-2020-
12966		 PowerFlex Rack


 		 Versions before
3.3.11.3
 
Versions before
3.4.6.3

Versions before
3.5.6.3

Versions before
3.6.2.3
 		 3.3.11.3

3.4.6.3

3.5.6.3

3.6.2.3

 		 BIOS Firmware 15G version 2.6.6
BIOS Firmware 14G version 2.13
BIOS Firmware 14G version 2.13.3
BIOS Firmware 15G version 2.6.6
 
CVE-2021-
0060
CVE-2021-
0127
CVE-2021-
0103
CVE-2021-
0114
CVE-2021-
0115
CVE-2021-
0116
CVE-2021-
0117
CVE-2021-
0118
CVE-2021-
0099
CVE-2021-
0111
CVE-2021-
0107
CVE-2021-
0125
CVE-2021-
0124
CVE-2021-
33068
CVE-2021-
0092
CVE-2021-
0156
CVE-2021-
0093
CVE-2020-
12944		 Versions before
3.6.2.3
 		 3.6.2.3
 		 BIOS Firmware 15G version 2.6.6
 
CVE-2020-
12951
CVE-2020-
12954
CVE-2020-
12988
CVE-2021-
26312
CVE-2021-
26320
CVE-2021-
26321
CVE-2021-
26322
CVE-2021-
26329
CVE-2021-
26330
CVE-2020-
12946
CVE-2020-
12961
CVE-2021-
26331
CVE-2021-
26315
CVE-2021-
26325
CVE-2021-
26326
CVE-2021-
26327
CVE-2021-
3712		 Versions before
3.3.11.3		 3.3.11.3
 		 iDRAC8 version 2.82.82.82
iDRAC9 version 5.10.10.00
CVE-2021-
36347		 Versions before
3.4.6.3
 		 3.4.6.3
 
CVE-2021-
36348		 Versions before
3.5.6.3
 		 3.5.6.3
 
CVE-2021-
36346		 Versions before
3.6.2.3		 3.6.2.3
CVE-2021-
22045		 Versions before
3.3.11.3
 		 3.3.11.3
 		 ESXi version 6.5 EP26 (Build 19092475)
Versions before
3.4.6.3
 		 3.4.6.3
 		 ESXi version 6.5 EP26 (Build 19092475)
Versions before
3.5.6.3
 		 3.5.6.3
 		 ESXi 6.7 EP 23 Build 19195723
Versions before
3.6.2.3		 3.6.2.3 VMware-ESXi-7.0U3c-19193900
 
CVE-2019-
14584		 Versions before
3.3.11.3
 		 3.3.11.3
 		 BIOS Firmware 13G version 2.14.0
BIOS Firmware 14G version 2.13.3
BIOS Firmware 15G version 2.6.6



 
CVE-2021-
28210		 Versions before
3.4.6.3
 		 3.4.6.3
 
CVE-2021-
28211		 Versions before
3.5.6.3
 		 3.5.6.3
 
Versions before
3.6.2.3		 3.6.2.3
CVE-2021-
26373		 Versions before
3.6.2.3


 		 3.6.2.3



 		 BIOS Firmware 15G version 2.6.6
 
CVE-2021-
26347
CVE-2021-
26376
CVE-2021-
26375
CVE-2021-
26378
CVE-2021-
26372
CVE-2021-
26348
CVE-2021-
26342
CVE-2021-
26388
CVE-2021-
26349
CVE-2021-
26364
CVE-2021-
22040		 Versions before
3.3.11.3
 		 3.3.11.3
 		 ESXi version 6.5 EP26 (Build 19092475)
CVE-2021-
22041		 Versions before
3.4.6.3
 		 3.4.6.3
 		 ESXi version 6.5 EP26 (Build 19092475)
CVE-2021-
22050		 Versions before
3.5.6.3
 		 3.5.6.3
 		 ESXi 6.7 EP 23 Build 19195723
CVE-2022-
24422		 Versions before
3.3.11.3
 		 3.3.11.3
 		 iDRAC9 version 5.10.10.00
Versions before
3.4.6.3
 		 3.4.6.3
 
Versions before
3.5.6.3
 		 3.5.6.3
 
Versions before
3.6.2.3		 3.6.2.3
CVE-2022-
0778		 Versions before
3.3.11.3
 		 3.3.11.3
 		  
Versions before
3.4.6.3
 		 3.4.6.3
 		  
Versions before
3.5.6.3
 		 3.5.6.3
 		  
Versions before
3.6.2.3		 3.6.2.3  
CVE-2022-
20624		 Versions before
3.3.11.3
 		 3.3.11.3
 		 9.3(9)
CVE-2022-
20650		 Versions before
3.4.6.3
 		 3.4.6.3
 
CVE-2022-
20625		 Versions before
3.5.6.3
 		 3.5.6.3
 
CVE-2022-
20623		 Versions before
3.6.2.3		 3.6.2.3
CVE-2022-
22965		 Versions before 3.3.11.3
 		 3.3.11.3
 		 PowerFlex Version 3.6.0.4

 
Versions before
3.4.6.3
 		 3.4.6.3
 
Versions before
3.5.6.3
 		 3.5.6.3
 
Versions before 3.6.2.3 3.6.2.3
CVE-2022-
22948		 Versions before 3.3.11.3
 		 3.3.11.3
 		 vCenter Server version 6.5.0-19261680 (6.5 U3s)
Versions before
3.4.6.3
 		 3.4.6.3
 		 vCenter Server version 6.5.0-19261680 (6.5 U3s)
Versions before
3.5.6.3
 		 3.5.6.3
 		 vCenter Server version 6.7 Update 3q (6.7.0 Build19300125)
 
CVEs Addressed Product Affected Versions Updated Versions Fix package in RCM.
CVE-2020-
12966		 PowerFlex Rack


 		 Versions before
3.3.11.3
 
Versions before
3.4.6.3

Versions before
3.5.6.3

Versions before
3.6.2.3
 		 3.3.11.3

3.4.6.3

3.5.6.3

3.6.2.3

 		 BIOS Firmware 15G version 2.6.6
BIOS Firmware 14G version 2.13
BIOS Firmware 14G version 2.13.3
BIOS Firmware 15G version 2.6.6
 
CVE-2021-
0060
CVE-2021-
0127
CVE-2021-
0103
CVE-2021-
0114
CVE-2021-
0115
CVE-2021-
0116
CVE-2021-
0117
CVE-2021-
0118
CVE-2021-
0099
CVE-2021-
0111
CVE-2021-
0107
CVE-2021-
0125
CVE-2021-
0124
CVE-2021-
33068
CVE-2021-
0092
CVE-2021-
0156
CVE-2021-
0093
CVE-2020-
12944		 Versions before
3.6.2.3
 		 3.6.2.3
 		 BIOS Firmware 15G version 2.6.6
 
CVE-2020-
12951
CVE-2020-
12954
CVE-2020-
12988
CVE-2021-
26312
CVE-2021-
26320
CVE-2021-
26321
CVE-2021-
26322
CVE-2021-
26329
CVE-2021-
26330
CVE-2020-
12946
CVE-2020-
12961
CVE-2021-
26331
CVE-2021-
26315
CVE-2021-
26325
CVE-2021-
26326
CVE-2021-
26327
CVE-2021-
3712		 Versions before
3.3.11.3		 3.3.11.3
 		 iDRAC8 version 2.82.82.82
iDRAC9 version 5.10.10.00
CVE-2021-
36347		 Versions before
3.4.6.3
 		 3.4.6.3
 
CVE-2021-
36348		 Versions before
3.5.6.3
 		 3.5.6.3
 
CVE-2021-
36346		 Versions before
3.6.2.3		 3.6.2.3
CVE-2021-
22045		 Versions before
3.3.11.3
 		 3.3.11.3
 		 ESXi version 6.5 EP26 (Build 19092475)
Versions before
3.4.6.3
 		 3.4.6.3
 		 ESXi version 6.5 EP26 (Build 19092475)
Versions before
3.5.6.3
 		 3.5.6.3
 		 ESXi 6.7 EP 23 Build 19195723
Versions before
3.6.2.3		 3.6.2.3 VMware-ESXi-7.0U3c-19193900
 
CVE-2019-
14584		 Versions before
3.3.11.3
 		 3.3.11.3
 		 BIOS Firmware 13G version 2.14.0
BIOS Firmware 14G version 2.13.3
BIOS Firmware 15G version 2.6.6



 
CVE-2021-
28210		 Versions before
3.4.6.3
 		 3.4.6.3
 
CVE-2021-
28211		 Versions before
3.5.6.3
 		 3.5.6.3
 
Versions before
3.6.2.3		 3.6.2.3
CVE-2021-
26373		 Versions before
3.6.2.3


 		 3.6.2.3



 		 BIOS Firmware 15G version 2.6.6
 
CVE-2021-
26347
CVE-2021-
26376
CVE-2021-
26375
CVE-2021-
26378
CVE-2021-
26372
CVE-2021-
26348
CVE-2021-
26342
CVE-2021-
26388
CVE-2021-
26349
CVE-2021-
26364
CVE-2021-
22040		 Versions before
3.3.11.3
 		 3.3.11.3
 		 ESXi version 6.5 EP26 (Build 19092475)
CVE-2021-
22041		 Versions before
3.4.6.3
 		 3.4.6.3
 		 ESXi version 6.5 EP26 (Build 19092475)
CVE-2021-
22050		 Versions before
3.5.6.3
 		 3.5.6.3
 		 ESXi 6.7 EP 23 Build 19195723
CVE-2022-
24422		 Versions before
3.3.11.3
 		 3.3.11.3
 		 iDRAC9 version 5.10.10.00
Versions before
3.4.6.3
 		 3.4.6.3
 
Versions before
3.5.6.3
 		 3.5.6.3
 
Versions before
3.6.2.3		 3.6.2.3
CVE-2022-
0778		 Versions before
3.3.11.3
 		 3.3.11.3
 		  
Versions before
3.4.6.3
 		 3.4.6.3
 		  
Versions before
3.5.6.3
 		 3.5.6.3
 		  
Versions before
3.6.2.3		 3.6.2.3  
CVE-2022-
20624		 Versions before
3.3.11.3
 		 3.3.11.3
 		 9.3(9)
CVE-2022-
20650		 Versions before
3.4.6.3
 		 3.4.6.3
 
CVE-2022-
20625		 Versions before
3.5.6.3
 		 3.5.6.3
 
CVE-2022-
20623		 Versions before
3.6.2.3		 3.6.2.3
CVE-2022-
22965		 Versions before 3.3.11.3
 		 3.3.11.3
 		 PowerFlex Version 3.6.0.4

 
Versions before
3.4.6.3
 		 3.4.6.3
 
Versions before
3.5.6.3
 		 3.5.6.3
 
Versions before 3.6.2.3 3.6.2.3
CVE-2022-
22948		 Versions before 3.3.11.3
 		 3.3.11.3
 		 vCenter Server version 6.5.0-19261680 (6.5 U3s)
Versions before
3.4.6.3
 		 3.4.6.3
 		 vCenter Server version 6.5.0-19261680 (6.5 U3s)
Versions before
3.5.6.3
 		 3.5.6.3
 		 vCenter Server version 6.7 Update 3q (6.7.0 Build19300125)

Revision History

RevisionDateDescription
1.02022-06-03Initial Release
1.12022-07-01Edited Affected Products and Remediation Table versions

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

PowerFlex rack, Product Security Information
Article Properties
Article Number: 000200325
Article Type: Dell Security Advisory
Last Modified: 27 Jun 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.