DSA-2024-267: Security Update for Dell PowerScale OneFS for Multiple Security Vulnerabilities
Summary: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
| Third-Party Component | CVEs | More information |
|---|---|---|
| BIOS | CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-38575, CVE-2023-39368, CVE-2024-0162, CVE-2024-0163 | DSA-2024-004: CVE-2024-0162 DSA-2024-003: CVE-2024-0163 See NVD link below for individual scores for each CVE. https://nvd.nist.gov/  |
| iDRAC | CVE-2023-29499, CVE-2023-48795 | DSA-2024-021: CVE-2023-48795 DSA-2024-286: CVE-2023-29499 See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
Affected Products & Remediation
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235 | PowerScale Archive A300 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235 | PowerScale Archive A3000 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235 | PowerScale Hybrid H700 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235 | PowerScale Hybrid H7000 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale F200 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale F600 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale F900 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale B100 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale P100 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-38575, CVE-2023-39368, CVE-2023-48795, CVE-2024-0162, CVE-2024-0163 | PowerScale F210 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-38575, CVE-2023-39368, CVE-2023-48795, CVE-2024-0162, CVE-2024-0163 | PowerScale F710 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-38575, CVE-2023-39368, CVE-2023-48795, CVE-2024-0162 and CVE-2024-0163 | PowerScale F910 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235 | PowerScale Archive A300 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235 | PowerScale Archive A3000 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235 | PowerScale Hybrid H700 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235 | PowerScale Hybrid H7000 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale F200 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale F600 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale F900 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale B100 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale P100 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-38575, CVE-2023-39368, CVE-2023-48795, CVE-2024-0162, CVE-2024-0163 | PowerScale F210 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-38575, CVE-2023-39368, CVE-2023-48795, CVE-2024-0162, CVE-2024-0163 | PowerScale F710 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-38575, CVE-2023-39368, CVE-2023-48795, CVE-2024-0162 and CVE-2024-0163 | PowerScale F910 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
Caution: Due to the NFP installation issue with parallel upgrades, customers are advised not to perform parallel upgrades.
Note:
- We encourage all customers to upgrade to the remediated versions. If an upgrade is not feasible, we recommend customers review the CVE details further to determine potential risks to their environment more accurately.
- Please refer to the firmware assessment report to identify which nodes require upgrading. For instructions on completing the assessment and report, please refer to the "Run a firmware assessment" section in PowerScale Node Firmware Package 12.2 Release Notes (dell.com).
- CVE-2023-38575, CVE-2023-39368, CVE-2024-0162 and CVE-2024-0163 are only applicable PowerScale 16G.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-07-01 | Initial Release |
| 2.0 | 2024-09-11 | Updated for enhanced presentation with no changes to content |
Related Information
Legal Disclaimer
Affected Products
PowerScale OneFS, PowerScale Archive A300, PowerScale Archive A3000, PowerScale B100, PowerScale F200, PowerScale F210, PowerScale F600, PowerScale F710, PowerScale F900, PowerScale F910, PowerScale Hybrid H700, PowerScale Hybrid H7000
, PowerScale P100
...
Article Properties
Article Number: 000226574
Article Type: Dell Security Advisory
Last Modified: 11 Sep 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.