Article Number: 000213011


DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Summary: Dell VxRail remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

Proprietary Code CVE(s)

CVE-2023-23694
Description: Dell VxRail versions earlier than 7.0.450 contain an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.
CVSS Base Score: 4.7
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CVE-2023-23693
Description: Dell VxRail versions prior to 7.0.450 contain an OS command injection vulnerability in the DCManager command-line utility. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.
CVSS Base Score: 6.7
CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H

CVE-2023-32464
Description: Dell VxRail versions prior to 7.0.450 contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify the victim's data in transit.
CVSS Base Score: 2.7
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
 
Third-Party Component CVE(s) More information
VMware ESXi CVE-2023-1017 For more information, see VMware’s release notes
CVE-2023-1018
Dell PowerEdge BIOS CVE-2022-34406 For more information, see DSA-2022-204
CVE-2022-34407
CVE-2022-34408
CVE-2022-34409
CVE-2022-34410
CVE-2022-34411
CVE-2022-34412
CVE-2022-34413
CVE-2022-34414
CVE-2022-34415
CVE-2022-34416
CVE-2022-34417
CVE-2022-34418
CVE-2022-34419
CVE-2022-34420
CVE-2022-34421
CVE-2022-34422
CVE-2022-34423
CVE-2022-34376
CVE-2022-34377
iDRAC8 CVE-2022-34436 For more information, see DSA-2022-265
iDRAC9 CVE-2022-44640 For more information, see DSA-2023-162
Intel CVE-2021-33126 For more information, see Intel-SA-00593
CVE-2021-33128
CVE-2022-28709
Intel CVE-2022-36416 For more information, see Intel-SA-00750
CVE-2022-36797
Spring Framework CVE-2022-22970  
CVE-2022-22971
Cilium CVE-2022-29179 For more information, see the NVD website
SUSE CVE-2016-3709 For more information, see SUSE.com
CVE-2017-5601
CVE-2018-10903
CVE-2018-13405
CVE-2019-1010204
CVE-2020-10735
CVE-2020-16119
CVE-2021-20251
CVE-2021-22569
CVE-2021-28153
CVE-2021-28861
CVE-2021-3530
CVE-2021-3618
CVE-2021-3648
CVE-2021-36690
CVE-2021-36976
CVE-2021-3826
CVE-2021-3928
CVE-2021-4037
CVE-2021-45078
CVE-2021-46195
CVE-2021-46848
CVE-2022-0561
CVE-2022-1664
CVE-2022-1941
CVE-2022-20008
CVE-2022-2153
CVE-2022-21618
CVE-2022-21619
CVE-2022-21624
CVE-2022-21626
CVE-2022-21628
CVE-2022-23471
CVE-2022-23491
CVE-2022-2503
CVE-2022-2519
CVE-2022-2520
CVE-2022-2521
CVE-2022-2586
CVE-2022-2601
CVE-2022-2602
CVE-2022-27191
CVE-2022-27943
CVE-2022-2795
CVE-2022-2867
CVE-2022-2868
CVE-2022-2869
CVE-2022-28693
CVE-2022-28748
CVE-2022-2964
CVE-2022-2978
CVE-2022-2980
CVE-2022-2982
CVE-2022-3037
CVE-2022-3099
CVE-2022-3105
CVE-2022-3107
CVE-2022-3108
CVE-2022-3112
CVE-2022-3115
CVE-2022-3134
CVE-2022-3153
CVE-2022-3169
CVE-2022-3171
CVE-2022-3176
CVE-2022-32221
CVE-2022-32296
CVE-2022-3234
CVE-2022-3235
CVE-2022-3239
CVE-2022-3278
CVE-2022-3296
CVE-2022-3297
CVE-2022-3303
CVE-2022-3324
CVE-2022-3352
CVE-2022-3424
CVE-2022-34266
CVE-2022-3435
CVE-2022-34526
CVE-2022-3479
CVE-2022-3491
CVE-2022-3515
CVE-2022-3520
CVE-2022-3521
CVE-2022-3524
CVE-2022-3535
CVE-2022-3542
CVE-2022-3545
CVE-2022-3564
CVE-2022-3565
CVE-2022-3567
CVE-2022-3570
CVE-2022-35737
CVE-2022-3577
CVE-2022-3586
CVE-2022-3591
CVE-2022-3594
CVE-2022-3597
CVE-2022-3598
CVE-2022-3599
CVE-2022-3621
CVE-2022-3623
CVE-2022-3625
CVE-2022-3626
CVE-2022-3627
CVE-2022-3628
CVE-2022-3629
CVE-2022-3635
CVE-2022-3643
CVE-2022-3646
CVE-2022-3649
CVE-2022-37026
CVE-2022-3705
CVE-2022-3707
CVE-2022-37454
CVE-2022-3775
CVE-2022-37966
CVE-2022-38023
CVE-2022-38126
CVE-2022-38127
CVE-2022-38177
CVE-2022-38178
CVE-2022-38533
CVE-2022-3903
CVE-2022-39189
CVE-2022-39399
CVE-2022-3970
CVE-2022-40303
CVE-2022-40304
CVE-2022-40307
CVE-2022-40674
CVE-2022-40768
CVE-2022-4095
CVE-2022-41218
CVE-2022-41222
CVE-2022-4129
CVE-2022-4139
CVE-2022-4141
CVE-2022-41674
CVE-2022-41741
CVE-2022-41742
CVE-2022-41848
CVE-2022-41849
CVE-2022-41850
CVE-2022-41858
CVE-2022-42010
CVE-2022-42011
CVE-2022-42012
CVE-2022-42328
CVE-2022-42329
CVE-2022-42432
CVE-2022-42703
CVE-2022-42719
CVE-2022-42720
CVE-2022-42721
CVE-2022-42895
CVE-2022-42896
CVE-2022-42898
CVE-2022-4292
CVE-2022-4293
CVE-2022-4304
CVE-2022-43680
CVE-2022-43750
CVE-2022-4378
CVE-2022-43945
CVE-2022-43995
CVE-2022-4450
CVE-2022-44617
CVE-2022-45061
CVE-2022-45934
CVE-2022-46285
CVE-2022-4662
CVE-2022-47520
CVE-2022-47629
CVE-2022-47929
CVE-2022-48281
CVE-2022-4883
CVE-2023-0215
CVE-2023-0266
CVE-2023-0286
CVE-2023-0767
CVE-2023-22809
CVE-2023-23454
CVE-2023-23455
 


Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product                    Affected Version(s)            Updated Version(s)  Link to Update
Dell EMC VxRail Appliance  7.0.x versions before 7.0.450  7.0.450             7.0.450

Revision History

Revision  Date        Description
1.0       2023-05-04  Initial Release
2.0       2023-05-22  Formatting changes made
3.0       2023-06-14  Added CVE-2022-29179 and CVE-2023-32464
4.0       2023-07-14  Amended with CVE for iDRAC vulnerability

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product
VxRail, CloudArray Virtual Edition for VxRail Appliance, Product Security Information, VMWare Cloud on Dell EMC VxRail E560F, VMWare Cloud on Dell EMC VxRail E560N, VxRail 460 and 470 Nodes, VxRail Appliance Family, VxRail Appliance Series , VxRail G410, VxRail G Series Nodes, VxRail D Series Nodes, VxRail D560, VxRail D560F, VxRail E Series Nodes, VxRail E460, VxRail E560, VxRail E560 VCF, VxRail E560F, VxRail E560F VCF, VxRail E560N, VxRail E560N VCF, VxRail E660, VxRail E660F, VxRail E660N, VxRail E665, VxRail E665F, VxRail E665N, VxRail G560, VxRail G560 VCF, VxRail G560F, VxRail G560F VCF, VxRail Gen2 Hardware, VxRail P Series Nodes, VxRail P470, VxRail P570, VxRail P570 VCF, VxRail P570F, VxRail P570F VCF, VxRail P580N, VxRail P580N VCF, VXRAIL P670F, VxRail P670N, VxRail P675F, VxRail P675N, VxRail S Series Nodes, VxRail S470, VxRail S570, VxRail S570 VCF, VxRail S670, VxRail Software, VxRail V Series Nodes, VxRail V470, VxRail V570, VxRail V570 VCF, VxRail V570F, VxRail V570F VCF, VXRAIL V670F, VxRail VD-4000R, VxRail VD-4000W, VxRail VD-4000Z, VxRail VD-4510C, VxRail VD-4520C, VxRail VD Series Nodes ...
Last Published Date: 14 Jul 2023

Version: 7

Article Type: Dell Security Advisory