DSA-2022-125: Dell PowerFlex Appliance Security Update for Multiple Third-Party Component Vulnerabilities
Summary: Dell PowerFlex Appliance remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Impact
Critical
Details
| Component | CVEs | More information |
| VMware vCenter Server | CVE-2022-22948 | VMware article VMSA-2022-0009 |
| Dell PowerEdge Server BIOS | CVE-2020-12966 | Dell article DSA-2021-255: Dell PowerEdge Security Update for an AMD Vulnerability |
| Dell PowerEdge Server BIOS | CVE-2021-0060, CVE-2021-0127, CVE-2021-0103, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0099, CVE-2021-0111, CVE-2021-0107, CVE-2021-0125, CVE-2021-0124, CVE-2021-33068, CVE-2021-0092, CVE-2021-0156, CVE-2021-0093 | Dell article DSA-2022-036: PowerEdge Server Security Update for Intel February 2022 Security Advisory Release |
| Dell PowerEdge Server BIOS | CVE-2019-14584, CVE-2021-28210, CVE-2021-28211 | Dell article DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities |
| Dell PowerEdge Server BIOS | CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, CVE-2021-26312, CVE-2021-26350 | Dell article DSA-2022-126: Dell PowerEdge Server Security Updates for AMD Server Vulnerabilities |
| Dell PowerEdge Server BIOS | CVE-2020-12944, CVE-2020-12951, CVE-2020-12954, CVE-2020-12988, CVE-2021-26312, CVE-2021-26320, CVE-2021-26321, CVE-2021-26322, CVE-2021-26329, CVE-2021-26330, CVE-2020-12946, CVE-2020-12961, CVE-2021-26331, CVE-2021-26315, CVE-2021-26325, CVE-2021-26326, CVE-2021-26327 | Dell article DSA-2021-227: Dell PowerEdge Server Security Update for AMD Server Vulnerabilities |
| Dell iDRAC Lifecycle Controller Firmware | CVE-2022-24422 | Dell article DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability |
| Dell iDRAC Lifecycle Controller Firmware | CVE-2021-3712, CVE-2021-36347, CVE-2021-36348, CVE-2021-36346 | Dell article DSA-2021-259: Dell iDRAC Security Update for Multiple Security Vulnerabilities |
| ESXi | CVE-2021-22045 | VMware article VMSA-2022-0001 |
| ESXi | CVE-2021-22040, CVE-2021-22041, CVE-2021-22050 | VMware article VMSA-2022-0004 |
| Embedded OS | CVE-2022-0778 | https://nvd.nist.gov/vuln/detail/CVE-2022-0778 |
| Cisco Switches | CVE-2022-20624 | Cisco article Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability |
| Cisco Switches | CVE-2022-20650 | Cisco article Cisco NX-OS Software NX-API Command Injection Vulnerability |
| Cisco Switches | CVE-2022-20625 | Cisco article Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability |
| Cisco Switches | CVE-2022-20623 | Cisco article Cisco Nexus 9000 Series Switches Bi-directional Forwarding Detection Denial of Service Vulnerability |
| Spring | CVE-2022-22965 | https://nvd.nist.gov/vuln/detail/CVE-2022-22965 |
Affected Products & Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Fix package in RCM |
| CVE-2020-12966, CVE-2021-0060, CVE-2021-0127, CVE-2021-0103, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0099, CVE-2021-0111, CVE-2021-0107, CVE-2021-0125, CVE-2021-0124, CVE-2021-33068, CVE-2021-0092, CVE-2021-0156, CVE-2021-0093, CVE-2020-12944, CVE-2020-12951, CVE-2020-12954, CVE-2020-12988, CVE-2021-26312, CVE-2021-26320, CVE-2021-26321, CVE-2021-26322, CVE-2021-26329, CVE-2021-26330, CVE-2020-12946, CVE-2020-12961, CVE-2021-26331, CVE-2021-26315, CVE-2021-26325, CVE-2021-26326, CVE-2021-26327 | PowerFlex Appliance | Versions before Intelligent_Catalog_38_356_03_r5; versions before Intelligent_Catalog_38_362_03_r6 | Intelligent_Catalog_38_356_03_r5; Intelligent_Catalog_38_362_03_r6 | BIOS Firmware 15G version 2.6.6; BIOS Firmware 14G version 2.13; BIOS Firmware 14G version 2.13.3 |
| CVE-2021-3712, CVE-2021-36347, CVE-2021-36348, CVE-2021-26350, CVE-2021-36346 | PowerFlex Appliance | Versions before Intelligent_Catalog_38_356_03_r5; versions before Intelligent_Catalog_38_362_03_r6 | Intelligent_Catalog_38_356_03_r5; Intelligent_Catalog_38_362_03_r6 | iDRAC9 version 5.10.10.00 |
| CVE-2021-22045 | PowerFlex Appliance | Versions before Intelligent_Catalog_38_356_03_r5; versions before Intelligent_Catalog_38_362_03_r6 | Intelligent_Catalog_38_356_03_r5; Intelligent_Catalog_38_362_03_r6 | ESXi 6.7 EP 23 Build 19195723; VMware-ESXi-7.0U3c-19193900 |
| CVE-2019-14584, CVE-2021-28210, CVE-2021-28211 | PowerFlex Appliance | Versions before Intelligent_Catalog_38_356_03_r5; versions before Intelligent_Catalog_38_362_03_r6 | Intelligent_Catalog_38_356_03_r5; Intelligent_Catalog_38_362_03_r6 | BIOS Firmware 14G version 2.13.3; BIOS Firmware 15G version 2.6.6 |
| CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26348, CVE-2021-26342, CVE-2021-26339, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364 | PowerFlex Appliance | Versions before Intelligent_Catalog_38_356_03_r5; versions before Intelligent_Catalog_38_362_03_r6 | Intelligent_Catalog_38_356_03_r5; Intelligent_Catalog_38_362_03_r6 | BIOS Firmware 15G version 2.6.6 |
| CVE-2021-22040, CVE-2021-22041, CVE-2021-22050 | PowerFlex Appliance | Versions before Intelligent_Catalog_38_356_03_r5; versions before Intelligent_Catalog_38_362_03_r6 | Intelligent_Catalog_38_356_03_r5; Intelligent_Catalog_38_362_03_r6 | ESXi 6.7 EP 23 Build 19195723 |
| CVE-2022-24422 | PowerFlex Appliance | Versions before Intelligent_Catalog_38_356_03_r5; versions before Intelligent_Catalog_38_362_03_r6 | Intelligent_Catalog_38_356_03_r5; Intelligent_Catalog_38_362_03_r6 | iDRAC9 version 5.10.10.00 |
| CVE-2022-0778 | PowerFlex Appliance | Versions before Intelligent_Catalog_38_356_03_r5; versions before Intelligent_Catalog_38_362_03_r6 | Intelligent_Catalog_38_356_03_r5; Intelligent_Catalog_38_362_03_r6 | |
| CVE-2022-20624, CVE-2022-20650, CVE-2022-20625, CVE-2022-20623 | PowerFlex Appliance | Versions before Intelligent_Catalog_38_356_03_r5; versions before Intelligent_Catalog_38_362_03_r6 | Intelligent_Catalog_38_356_03_r5; Intelligent_Catalog_38_362_03_r6 | 9.3(9) |
| CVE-2022-22965 | PowerFlex Appliance | Versions before Intelligent_Catalog_38_356_03_r5; versions before Intelligent_Catalog_38_362_03_r6 | Intelligent_Catalog_38_356_03_r5; Intelligent_Catalog_38_362_03_r6 | PowerFlex Version 3.6.0.4 |
| CVE-2022-22948 | PowerFlex Appliance | Versions before Intelligent_Catalog_38_356_03_r5; versions before Intelligent_Catalog_38_362_03_r6 | Intelligent_Catalog_38_356_03_r5; Intelligent_Catalog_38_362_03_r6 | vCenter server version 6.7 Update 3q (6.7.0 Build19300125) |
- For RCM release information: https://cicodeportal.dell.com/#/home
- For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
Revision History
| Revision | Date | Description |
| 1.0 | 2022-06-03 | Initial Release |
Affected Products
PowerFlex Appliance, PowerFlex appliance R650, PowerFlex appliance R6525, PowerFlex appliance R750, Product Security Information, PowerFlex appliance R640, PowerFlex appliance R740XD, PowerFlex appliance R840
Article Properties
Article Number: 000200326
Article Type: Dell Security Advisory
Last Modified: 27 Jun 2023