DSA-2022-118: Dell EMC PowerScale OneFS Security Update
Summary: Dell EMC PowerScale OneFS remediation is available for vulnerabilities that may be exploited by malicious users to compromise the affected system.
Impact
Critical
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-31229 | Dell PowerScale OneFS, versions 8.2.x through 9.3.0.x, contain an error message with sensitive information vulnerability. An administrator may potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources. | 9.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N |
| CVE-2022-31230 | Dell PowerScale OneFS, versions 8.2.x through 9.3.0.x, contain a broken or risky cryptographic algorithm vulnerability. A remote unprivileged malicious attacker may potentially exploit this vulnerability, leading to full system access. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |

| Third-party Component | CVEs | More information |
| Libexpat | CVE-2013-0340 CVE-2018-20843 CVE-2019-15903 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 | See NVD for individual scores. |
| OpenSSL | CVE-2022-0778 | See NVD for individual score. |
Affected Products & Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2013-0340 CVE-2018-20843 CVE-2019-15903 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 | libexpat | 9.1.0.x, 9.2.1.x, and 9.4.0.x | Download and install the latest RUP. | PowerScale OneFS Downloads Area |
| | | 9.3.0.x | RUP expected in July. If a fix is needed sooner, upgrade your version of OneFS. | |
| | | 9.0.0, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS. | |
| CVE-2022-0778 | OpenSSL | 9.1.0.x, 9.2.1.x, and 9.4.0.x | Download and install the latest RUP. | |
| | | 9.3.0.x | RUP expected in July. If a fix is needed sooner, upgrade your version of OneFS. | |
| | | 9.0.0, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS. | |
| CVE-2022-31230 | OneFS | 9.1.0.x and 9.2.1.x | Download and install the latest RUP. | |
| | | 9.3.0.x | RUP expected in October. If a fix is needed sooner, upgrade your version of OneFS. | |
| | | 9.0.0, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS. | |
| CVE-2022-31229 | OneFS | 9.1.0.x and 9.2.1.x | Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations". | |
| | | 9.3.0.x | RUP expected in July. If a fix is needed sooner, upgrade your version of OneFS. | |
| | | 9.0.0, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS and follow the additional steps in "Workarounds and Mitigations". | |
NOTE: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Workarounds & Mitigations
| CVE addressed | Workaround and Mitigation |
| CVE-2022-31229 | In addition to upgrading your version of OneFS or downloading and installing the latest RUP, Dell recommends changing your Dell account password. If the password for your Dell account was used as a password elsewhere, Dell recommends changing these passwords and does not recommend using the same password on multiple accounts or programs. If your Dell account is used by other clients or accounts, they must be updated with the new password. |
Revision History
| Revision | Date | Description |
| 1.1 | 2022-06-16 | Initial release |
Affected Products
PowerScale OneFS, Product Security Information
Article Properties
Article Number: 000200681
Article Type: Dell Security Advisory
Last Modified: 23 Jun 2023