DSA-2021-149: Dell EMC PowerFlex rack Security Update for Multiple Third-party Component Vulnerabilities

Table of Contents

Detailed Article

Impact

Details

Affected Products & Remediation

Revision History

Related Info

Legal Disclaimer

Affected Products

Provide Feedback

Summary: Dell EMC PowerFlex rack contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Check out other resources

Impact

Critical

Details

Third-Party Component	CVEs	More information
VMware vCenter Server	CVE-2021-21985	VMSA-2021-0010
VMware vCenter Server	CVE-2021-21986	VMSA-2021-0010
VMware ESXi	CVE-2021-21994	VMSA-2021-0014
VMware ESXi	CVE-2021-21995	VMSA-2021-0014
Dell Server BIOS Firmware (Intel)	CVE-2020-24511	INTEL-SA-00463 INTEL-SA-00464
	CVE-2020-12358
	CVE-2020-12360
	CVE-2020-24486
Dell Server iDRAC	CVE-2020-26198	DSA-2020-268
	CVE- 2021-21510
Cisco Nexus Switch	CVE-2021-1368	cisco-sa-nxos-udld-rce-xetH6w35
PowerFlex Manager	CVE-1999-0170

Third-Party Component	CVEs	More information
VMware vCenter Server	CVE-2021-21985	VMSA-2021-0010
VMware vCenter Server	CVE-2021-21986	VMSA-2021-0010
VMware ESXi	CVE-2021-21994	VMSA-2021-0014
VMware ESXi	CVE-2021-21995	VMSA-2021-0014
Dell Server BIOS Firmware (Intel)	CVE-2020-24511	INTEL-SA-00463 INTEL-SA-00464
	CVE-2020-12358
	CVE-2020-12360
	CVE-2020-24486
Dell Server iDRAC	CVE-2020-26198	DSA-2020-268
	CVE- 2021-21510
Cisco Nexus Switch	CVE-2021-1368	cisco-sa-nxos-udld-rce-xetH6w35
PowerFlex Manager	CVE-1999-0170

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed	Product	Affected Versions	Updated Versions	Fix package include in RCM
CVE-2021-21985	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	vCSA 6.5 Update 3p (Build Number 17994927)
		Versions before 3.4.5.0	3.4.5.0	vCSA 6.5 Update 3p (Build Number 17994927)
		Versions before 3.5.5.0	3.5.5.0	vCSA 6.7 Update 3n (Build Number 18010531, Client/MOB/vpxd.log 18010599)
		Versions before 3.6.1.0	3.6.1.0	vCSA 7.0 update 2b (Build Number 17958471, Client/MOB/vpxd.log 17958471)
CVE-2021-21986	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	vCSA 6.5 Update 3p (Build Number 17994927)
		Versions before 3.4.5.0	3.4.5.0	vCSA 6.5 Update 3p (Build Number 17994927)
		Versions before 3.5.5.0	3.5.5.0	vCSA 6.7 Update 3n (Build Number 18010531, Client/MOB/vpxd.log 18010599)
		Versions before 3.6.1.0	3.6.1.0	vCSA 7.0 update 2b (Build Number 17958471, Client/MOB/vpxd.log 17958471)
CVE-2020-24511	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.4.5.0	3.4.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.5.5.0	3.5.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.6.1.0	3.6.1.0	Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-12358	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.4.5.0	3.4.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.5.5.0	3.5.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.6.1.0	3.6.1.0	Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-12360	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.4.5.0	3.4.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.5.5.0	3.5.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.6.1.0	3.6.1.0	Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-24486	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.4.5.0	3.4.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.5.5.0	3.5.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.6.1.0	3.6.1.0	Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-26198	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
		Versions before 3.4.5.0	3.4.5.0	Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
		Versions before 3.5.5.0	3.5.5.0	Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
		Versions before 3.6.1.0	3.6.1.0	Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
CVE- 2021-21510	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	iDRAC / Lifecycle Controller Firmware - 2.80.80.80
		Versions before 3.4.5.0	3.4.5.0	iDRAC / Lifecycle Controller Firmware - 2.80.80.80
		Versions before 3.5.5.0	3.5.5.0	iDRAC / Lifecycle Controller Firmware - 2.80.80.80
		Versions before 3.6.1.0	3.6.1.0	iDRAC / Lifecycle Controller Firmware - 2.80.80.80
CVE-2021-1368	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	9.3(7)
CVE-2021-21994	PowerFlex rack	Versions before 3.6.1.0	3.6.1.0	ESXi 7.0 Update 2a (Build Number 17867351)
CVE-2021-21995	PowerFlex rack	Versions before 3.6.1.0	3.6.1.0	ESXi 7.0 Update 2a (Build Number 17867351)
CVE-1999-0170	PowerFlex rack	All RCM trains before 3.3.10.0, 3.4.5.0, 3.5.5.0, and 3.6.1.0	3.3.10.0 3.4.5.0 3.5.5.0 3.6.1.0	PowerFlex Manager version 3.7.0-7776

Links to update:
For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home

For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417

CVEs Addressed	Product	Affected Versions	Updated Versions	Fix package include in RCM
CVE-2021-21985	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	vCSA 6.5 Update 3p (Build Number 17994927)
		Versions before 3.4.5.0	3.4.5.0	vCSA 6.5 Update 3p (Build Number 17994927)
		Versions before 3.5.5.0	3.5.5.0	vCSA 6.7 Update 3n (Build Number 18010531, Client/MOB/vpxd.log 18010599)
		Versions before 3.6.1.0	3.6.1.0	vCSA 7.0 update 2b (Build Number 17958471, Client/MOB/vpxd.log 17958471)
CVE-2021-21986	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	vCSA 6.5 Update 3p (Build Number 17994927)
		Versions before 3.4.5.0	3.4.5.0	vCSA 6.5 Update 3p (Build Number 17994927)
		Versions before 3.5.5.0	3.5.5.0	vCSA 6.7 Update 3n (Build Number 18010531, Client/MOB/vpxd.log 18010599)
		Versions before 3.6.1.0	3.6.1.0	vCSA 7.0 update 2b (Build Number 17958471, Client/MOB/vpxd.log 17958471)
CVE-2020-24511	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.4.5.0	3.4.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.5.5.0	3.5.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.6.1.0	3.6.1.0	Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-12358	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.4.5.0	3.4.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.5.5.0	3.5.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.6.1.0	3.6.1.0	Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-12360	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.4.5.0	3.4.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.5.5.0	3.5.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.6.1.0	3.6.1.0	Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-24486	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.4.5.0	3.4.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.5.5.0	3.5.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.6.1.0	3.6.1.0	Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-26198	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
		Versions before 3.4.5.0	3.4.5.0	Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
		Versions before 3.5.5.0	3.5.5.0	Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
		Versions before 3.6.1.0	3.6.1.0	Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
CVE- 2021-21510	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	iDRAC / Lifecycle Controller Firmware - 2.80.80.80
		Versions before 3.4.5.0	3.4.5.0	iDRAC / Lifecycle Controller Firmware - 2.80.80.80
		Versions before 3.5.5.0	3.5.5.0	iDRAC / Lifecycle Controller Firmware - 2.80.80.80
		Versions before 3.6.1.0	3.6.1.0	iDRAC / Lifecycle Controller Firmware - 2.80.80.80
CVE-2021-1368	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	9.3(7)
CVE-2021-21994	PowerFlex rack	Versions before 3.6.1.0	3.6.1.0	ESXi 7.0 Update 2a (Build Number 17867351)
CVE-2021-21995	PowerFlex rack	Versions before 3.6.1.0	3.6.1.0	ESXi 7.0 Update 2a (Build Number 17867351)
CVE-1999-0170	PowerFlex rack	All RCM trains before 3.3.10.0, 3.4.5.0, 3.5.5.0, and 3.6.1.0	3.3.10.0 3.4.5.0 3.5.5.0 3.6.1.0	PowerFlex Manager version 3.7.0-7776

Links to update:
For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home

For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417

Revision History

Revision	Date	Description
1.0	2021-08-03	Initial Release

Related Information

Legal Disclaimer

Affected Products

PowerFlex rack, Product Security Information, PowerFlex Software

Article Number: 000190192

Article Type: Dell Security Advisory

Last Modified: 03 Aug 2021

Check if your device is covered by Support Services.

DSA-2021-149: Dell EMC PowerFlex rack Security Update for Multiple Third-party Component Vulnerabilities

Summary: Dell EMC PowerFlex rack contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Impact

Details

Affected Products & Remediation

Revision History

Related Information

Legal Disclaimer

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services