Article Number: 000204053
Critical
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String
--- | --- | --- | ---
CVE-2022-34437 | Dell PowerScale OneFS, versions 8.2.2 through 9.3.0, contains an operating system command injection vulnerability. A privileged local malicious user may potentially exploit this vulnerability, leading to a full system compromise. This issue impacts compliance mode clusters. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34438 | Dell PowerScale OneFS, versions 8.2.x through 9.4.0.x, contains a privilege context switching error. A local authenticated malicious user with high privileges may potentially exploit this vulnerability, leading to a full system compromise. This issue impacts compliance mode clusters. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34439 | Dell PowerScale OneFS, versions 8.2.0.x through 9.4.0.x, contains an allocation of resources without limits or throttling vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to denial of service and degraded performance on the affected node. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Third-party Component | CVEs | Reference for CVSS scores
--- | --- | ---
Intel Platform | CVE-2021-0148 | Intel-SA-00535
Intel Platform | CVE-2021-0092, CVE-2021-0093, CVE-2021-0099, CVE-2021-0103, CVE-2021-0107, CVE-2021-0111, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0124, CVE-2021-0125, CVE-2021-0127, CVE-2021-0060, CVE-2021-00147 | Intel-SA-00527
Intel Platform | CVE-2020-24511, CVE-2020-24512 | Intel-SA-00463
Intel Platform | CVE-2020-12357, CVE-2020-12358, CVE-2020-12360, CVE-2020-24486 | Intel-SA-00464
Intel Platform | CVE-2021-0144 | Intel-SA-00525
Intel Platform | CVE-2020-0591, CVE-2020-0592, CVE-2020-0593 | Intel-SA-00358
Intel Platform | CVE-2020-0587, CVE-2020-0588, CVE-2020-0590, CVE-2020-8764, CVE-2020-8738, CVE-2020-8739, CVE-2020-8740 | Intel-SA-00390
Intel Platform | CVE-2020-8705, CVE-2020-8755 | Intel-SA-00391
Intel Platform | CVE-2020-8696 | Intel-SA-00381
PowerEdge | CVE-2019-14553 | DSA-2021-176: Dell PowerEdge Server BIOS EDK II Vulnerability
PowerEdge | CVE-2019-14584, CVE-2021-28210, CVE-2021-28211 | DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities
Cyrus SASL | CVE-2022-24407, CVE-2019-19906, CVE-2013-4122 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
Dell SmartFabric OS10 | CVE-2021-36306, CVE-2021-36307, CVE-2021-36308, CVE-2021-36310, CVE-2021-36319, CVE-2021-3711, CVE-2021-3712 | DSA-2021-189: Dell SmartFabric OS10 Security Update for Multiple Security Vulnerabilities
CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update
--- | --- | --- | --- | ---
CVE-2021-0148 | F600 with Intel P4510 2 TB and 4 TB ISE drives | PowerScale OneFS 9.4.0.x, 9.3.0.x, 9.2.1.x, 9.2.0.x, 9.1.0.x, 9.0.0.x with Drive Support Package versions before 1.42.3 | Download and install Drive Support Package >= 1.42.3 | PowerScale OneFS Downloads Area
CVE-2021-0092, CVE-2021-0093, CVE-2021-0099, CVE-2021-0103, CVE-2021-0107, CVE-2021-0111, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0124, CVE-2021-0125, CVE-2021-0127, CVE-2021-0060 | A200, A2000, A300, A3000, F200, F600, F800, F810, F900, H400, H500, H5600, H600, H700, H7000, B100, P100 | PowerScale OneFS 9.4.0.x, 9.3.0.x, 9.2.1.x, 9.2.0.x, 9.1.0.x, 9.0.0.x with Node Firmware Package versions before 11.5.1 | Download and install the latest Node Firmware Package, >= 11.5.1 | PowerScale OneFS Downloads Area
CVE-2021-00147 | A200, A2000, A300, A3000, F800, F810, H400, H500, H5600, H600, H700, H7000 | OneFS 9.0.0.x through 9.4.0.x with Node Firmware Package before 11.5.1 | Node Firmware Package >= 11.5.1 | PowerScale OneFS Downloads Area
CVE-2020-24511, CVE-2020-12358 | A300, A3000, H700, H7000 | OneFS 9.0.0.x through 9.4.0.x with Node Firmware Package before 11.5.1 | Node Firmware Package >= 11.5.1 | PowerScale OneFS Downloads Area
CVE-2020-12360 | A200, A2000, A300, A3000, F800, F810, H400, H500, H5600, H600, H700, H7000 | OneFS 9.0.0.x through 9.4.0.x with Node Firmware Package before 11.5.1 | Node Firmware Package >= 11.5.1 | PowerScale OneFS Downloads Area
CVE-2020-24486 | A300, A3000, H700, H7000 | OneFS 9.0.0.x through 9.4.0.x with Node Firmware Package before 11.5.1 | Node Firmware Package >= 11.5.1 | PowerScale OneFS Downloads Area
CVE-2021-0144 | A200, A2000, A300, A3000, F800, F810, H400, H500, H5600, H600, H700, H7000 | OneFS 9.0.0.x through 9.4.0.x with Node Firmware Package before 11.5.1 | Node Firmware Package >= 11.5.1 | PowerScale OneFS Downloads Area
CVE-2020-0591, CVE-2020-0592 | A2000, A200, H400, H500, H600, F800, F900, F200, F600, B100, P100 | OneFS 9.0.0.x through 9.4.0.x with Node Firmware Package before 11.5.1 | Node Firmware Package >= 11.5.1 | PowerScale OneFS Downloads Area
CVE-2020-0593, CVE-2020-8738, CVE-2020-8739, CVE-2020-8740, CVE-2020-8764 | A2000, A200, H400, F900, F200, F600, B100, P100 | OneFS 9.0.0.x through 9.4.0.x with Node Firmware Package before 11.5.1 | Node Firmware Package >= 11.5.1 | PowerScale OneFS Downloads Area
CVE-2020-0587, CVE-2020-0588, CVE-2020-0590, CVE-2020-8705, CVE-2020-8755, CVE-2020-8696 | F900, F200, F600, B100, P100 | OneFS 9.0.0.x through 9.4.0.x with Node Firmware Package before 11.5.1 | Node Firmware Package >= 11.5.1 | PowerScale OneFS Downloads Area
CVE-2019-14553, CVE-2019-14584, CVE-2021-28210, CVE-2021-28211 | B100, P100, F200, F600, F900 | OneFS 9.0.0.x through 9.4.0.x with Node Firmware Package before 11.5.1 | Node Firmware Package >= 11.5.1 | PowerScale OneFS Downloads Area
CVE-2022-24407, CVE-2019-19906, CVE-2013-4122 | PowerScale OneFS | 9.1.0.0 through 9.1.0.21; 9.2.1.0 through 9.2.1.15; 9.3.0.0 through 9.3.0.7; 9.4.0.0 through 9.4.0.5 | Download and install the latest RUP (roll-up patch): >= 9.1.0.22, >= 9.2.1.16, >= 9.3.0.8, >= 9.4.0.6 | PowerScale OneFS Downloads Area
CVE-2022-24407, CVE-2019-19906, CVE-2013-4122 | PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS. | PowerScale OneFS Downloads Area
CVE-2022-34437 | PowerScale OneFS | 9.1.0.0 through 9.1.0.21; 9.2.1.0 through 9.2.1.15; 9.3.0.0 through 9.3.0.7 | Download and install the latest RUP: >= 9.1.0.22, >= 9.2.1.16, >= 9.3.0.8 | PowerScale OneFS Downloads Area
CVE-2022-34437 | PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS. | PowerScale OneFS Downloads Area
CVE-2022-34438 | PowerScale OneFS | 9.1.0.0 through 9.1.0.22; 9.2.1.0 through 9.2.1.15; 9.3.0.0 through 9.3.0.7; 9.4.0.0 through 9.4.0.5 | Download and install the latest RUP: >= 9.1.0.23, >= 9.2.1.16, >= 9.3.0.8, >= 9.4.0.6 | PowerScale OneFS Downloads Area
CVE-2022-34438 | PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS. | PowerScale OneFS Downloads Area
CVE-2022-34439 | PowerScale OneFS | 9.1.0.0 through 9.1.0.22; 9.2.1.0 through 9.2.1.15; 9.3.0.0 through 9.3.0.7; 9.4.0.0 through 9.4.0.5 | Download and install the latest RUP: >= 9.1.0.23, >= 9.2.1.16, >= 9.3.0.8, >= 9.4.0.6 | PowerScale OneFS Downloads Area
CVE-2022-34439 | PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS, or apply the steps listed in the "Workarounds" table below. | PowerScale OneFS Downloads Area
CVE-2021-36306, CVE-2021-36307, CVE-2021-36308, CVE-2021-36310, CVE-2021-36319, CVE-2021-3711, CVE-2021-3712 | PowerScale OneFS with a Dell Networking switch running SmartFabric OS10 firmware | PowerScale OneFS 9.4.0.x, 9.3.0.x, 9.2.1.x, 9.2.0.x, 9.1.0.x, 9.0.0.x with Dell Networking OS10 (DNOS) versions before 10.5.2.11 | 10.5.2.11 | SmartFabric OS10 Drivers & Downloads

Note that 9.1.0.22 closes CVE-2022-34437 and the Cyrus SASL CVEs but not CVE-2022-34438 or CVE-2022-34439, which need 9.1.0.23 on that branch; a cluster that stopped at 9.1.0.22 is still exposed to the latter two.
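The OneFS RUP rows above are easy to misread because the fixed build differs per CVE on the same branch (9.1.0.22 versus 9.1.0.23). The following script is an added example, not Dell tooling: it encodes those rows and the version spans from the CVE descriptions, and reports, for a version string in the shape `isi version` prints (assumed to be "major.minor.patch.build"), which of the OneFS CVEs in this advisory are still open. It deliberately covers only the OneFS rows; the firmware, Drive Support Package and OS10 rows depend on node model and package versions, not on the OneFS build alone.

```python
"""Added example (not Dell's tooling): check an installed OneFS version
against the OneFS RUP rows of the remediation table in this advisory.

Assumption: the version string looks like the output of `isi version`, e.g.
"9.2.1.14". Firmware, Drive Support Package and OS10 rows are out of scope.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """"9.2.1.14" -> (9, 2, 1, 14), so that tuple comparison is numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a OneFS version string: {text!r}")
    return tuple(int(p) for p in parts)


# Per CVE: the version span named in the description (None = no lower bound
# stated), the last release branch the advisory lists, and the first RUP build
# per branch from the "Updated Versions" column. A branch inside the span with
# no RUP listed falls under the table's "Any other version: upgrade" row.
ADVISORY: Dict[str, dict] = {
    "CVE-2022-34437": {
        "first_affected": "8.2.2",
        "last_branch": "9.3.0",
        "fixed": {"9.1.0": "9.1.0.22", "9.2.1": "9.2.1.16", "9.3.0": "9.3.0.8"},
    },
    "CVE-2022-34438": {
        "first_affected": "8.2.0",
        "last_branch": "9.4.0",
        "fixed": {"9.1.0": "9.1.0.23", "9.2.1": "9.2.1.16",
                  "9.3.0": "9.3.0.8", "9.4.0": "9.4.0.6"},
    },
    "CVE-2022-34439": {
        "first_affected": "8.2.0",
        "last_branch": "9.4.0",
        "fixed": {"9.1.0": "9.1.0.23", "9.2.1": "9.2.1.16",
                  "9.3.0": "9.3.0.8", "9.4.0": "9.4.0.6"},
    },
    # Cyrus SASL row; CVE-2019-19906 and CVE-2013-4122 share these ranges.
    "CVE-2022-24407": {
        "first_affected": None,
        "last_branch": "9.4.0",
        "fixed": {"9.1.0": "9.1.0.22", "9.2.1": "9.2.1.16",
                  "9.3.0": "9.3.0.8", "9.4.0": "9.4.0.6"},
    },
}


def assess(version_text: str) -> Dict[str, str]:
    """Return one status line per CVE for the given OneFS version."""
    v = parse_version(version_text)
    branch = ".".join(str(n) for n in v[:3])
    status: Dict[str, str] = {}
    for cve, rule in ADVISORY.items():
        lo: Optional[str] = rule["first_affected"]
        if lo is not None and v < parse_version(lo):
            status[cve] = "not affected: below the versions named in the advisory"
            continue
        if v[:3] > parse_version(rule["last_branch"]):
            # Newer than anything the advisory names; it makes no claim here.
            status[cve] = "not listed: newer than the last branch in the advisory"
            continue
        fixed = rule["fixed"].get(branch)
        if fixed is None:
            status[cve] = "affected: no RUP listed for this branch, upgrade OneFS"
        elif v >= parse_version(fixed):
            status[cve] = f"fixed: running >= {fixed}"
        else:
            status[cve] = f"affected: install RUP >= {fixed}"
    return status


def open_cves(version_text: str) -> List[str]:
    """CVE IDs from this advisory that still apply to the given version."""
    return [cve for cve, s in assess(version_text).items() if s.startswith("affected")]


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real cluster.
    for sample in ("9.2.1.14", "9.1.0.22", "9.4.0.6", "9.2.0.3"):
        print(sample, open_cves(sample))
```

Run it with the string from `isi version` on a node; a branch such as 9.2.0.x or 9.0.0.x, which has no RUP in the table, is reported as "upgrade OneFS" rather than as fixed, matching the advisory's "Any other version" rows.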
CVE | Workarounds
--- | ---
CVE-2022-34439 | This vulnerability only applies to Ethernet backend clusters with a single (non-redundant) backend configuration. Disable LBFO (the isi_lbfo_d service) with the command below, and re-enable it after the patch or upgrade.

Disable LBFO by issuing the following command. The check disables the service only when the cluster reports an Ethernet backend fabric with failover disabled; otherwise it prints "Not impacted" and changes nothing:

```sh
# Only a single (non-redundant) Ethernet backend is affected. Disable the
# isi_lbfo_d service until a fixed OneFS version is installed.
if isi cluster internal-networks view | grep -q "Failover Status: disabled" \
   && isi cluster internal-networks view | grep -q "Fabric: Ethernet"; then
    echo
    echo "Disabling service, please re-enable after upgrade to fixed version"
    isi services isi_lbfo_d disable
else
    echo
    echo "Not impacted"
fi
```

After the patch is applied, or after an upgrade to a version in which the issue is resolved, revert this mitigation with the command:

```sh
isi services isi_lbfo_d enable
```

Note: re-enabling the service is required before future configurations using redundant backend interfaces.
Revision | Date | Description
--- | --- | ---
1.0 | 2022-10-13 | Initial Release
1.1 | 2022-10-24 | Updated Affected Versions and Remediation section; corrected a typographical error in the Workaround and Mitigation section
1.2 | 2022-11-07 |
1.3 | 2022-11-15 | Updated applicable sections with information for additional CVEs (CVE-2021-36306, CVE-2021-36307, CVE-2021-36308, CVE-2021-36310, CVE-2021-36319, CVE-2021-3711, and CVE-2021-3712)
1.4 | 2023-02-02 | Updated the wording in the Workarounds and Mitigation section for CVE-2022-34439
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Dell Security Advisory: PowerScale OneFS, 02 Feb 2023