DSA-2021-243: Dell PowerScale OneFS Contains Security Update for Multiple Vulnerabilities.
Summary: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2021-36350 | Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication. | 5.9 | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |

| Third-party Component | CVEs | More information |
|---|---|---|
| OpenSSL | CVE-2021-3712 | https://nvd.nist.gov/vuln/detail/CVE-2021-3712 |
| Intel Platform | Multiple CVEs | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html |
| cURL | Multiple CVEs | https://curl.se/docs/vuln-7.78.0.html |
| Python | CVE-2021-23336 | https://nvd.nist.gov/vuln/detail/CVE-2021-23336 |
Affected Products and Remediation
| CVEs Addressed | | Updated Versions | Link to Update |
|---|---|---|---|
| CVE-2021-3712 (OpenSSL) | 8.2.x, 9.0.0.x, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS | PowerScale OneFS Downloads Area |
| | 9.3.0.x | Available from December (or later) RUP | |
| | 9.1.0.x and 9.2.1.x | Download and install the latest RUP | |
| Multiple CVEs (Intel) | All supported OneFS versions | Download and install the latest NFP for your node types | |
| Multiple CVEs (cURL) | 8.2.x, 9.0.0.x, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS | |
| | 9.3.0.x | Download and install December (or later) RUP | |
| | 9.1.0.x and 9.2.1.x | Download and install the latest RUP | |
| CVE-2021-23336 (Python) | 8.2.1.x, 9.0.0.x, 9.1.1.x, 9.2.0.x | Upgrade your version of OneFS | |
| | 9.3.0.x | Download and install December (or later) RUP | |
| | 8.2.x, 9.1.0.x, and 9.2.1.x | Download and install the latest RUP | |
| CVE-2021-36350 (PowerScale OneFS) | 8.2.1.x, 9.0.0.x, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS | |
| | 9.3.0.x | Download and install December (or later) RUP | |
| | 8.2.2, 9.1.0.x, and 9.2.1.x | Download and install the latest RUP | |
Workarounds and Mitigations
| CVEs Addressed | Workarounds or Mitigations |
|---|---|
| CVE-2021-3712 (OpenSSL) | Avoid granting the ISI_PRIV_AUTH_SSH RBAC role to non-administrators. |
| Multiple CVEs (Intel) | None |
| Multiple CVEs (cURL) | None |
| CVE-2021-23336 (Python) | None |
| CVE-2021-36350 (PowerScale OneFS) | Avoid configuring DUO for groups with spaces in their name, until you have patched your OneFS installation. |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2021-12-06 | Initial Release |
Affected Products
PowerScale OneFS, Product Security Information
Article Properties
Article Number: 000194157
Article Type: Dell Security Advisory
Last Modified: 15 Feb 2022