DSA-2024-090: Security Update for Dell PowerScale OneFS for Multiple Security Vulnerabilities

Resumen: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities in node firmware that could be exploited by malicious users to compromise the affected system.

Este artículo se aplica a Este artículo no se aplica a Este artículo no está vinculado a ningún producto específico. No se identifican todas las versiones del producto en este artículo.
Consulte estos recursos

Impacto

Critical

Detalles

Third-Party Component CVEs More Information
Dell PowerEdge BIOS CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2022-36763, CVE-2022-36764, CVE-2023-32460, CVE-2024-0172 DSA-2023-357DSA-2023-361DSA-2024-035INTEL-SA-00828This hyperlink is taking you to a website outside of Dell Technologies.,
INTEL-SA-00813 This hyperlink is taking you to a website outside of Dell Technologies.

Dell Technologies recomienda que todos los clientes tengan en cuenta tanto la puntuación base como cualquier otra puntuación ambiental y temporal relevante que pueda afectar la posible gravedad asociada con la vulnerabilidad de seguridad en particular.

Corrección y productos afectados

CVEs Product Software/Firmware Affected versions Remediated Versions Link
CVE-2022-36763, CVE-2022-36764 Isilon A200 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764 Isilon A2000 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 PowerScale Archive A300 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 PowerScale Archive A3000 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764 Isilon H400 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764 Isilon H500 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764 Isilon H600 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764 Isilon H5600 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 PowerScale Hybrid H700 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 PowerScale Hybrid H7000 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 PowerScale B100 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 PowerScale F200 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 PowerScale F600 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764,  Isilon F800 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 PowerScale F900 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 PowerScale P100 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVEs Product Software/Firmware Affected versions Remediated Versions Link
CVE-2022-36763, CVE-2022-36764 Isilon A200 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764 Isilon A2000 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 PowerScale Archive A300 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 PowerScale Archive A3000 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764 Isilon H400 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764 Isilon H500 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764 Isilon H600 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764 Isilon H5600 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 PowerScale Hybrid H700 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 PowerScale Hybrid H7000 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 PowerScale B100 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 PowerScale F200 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 PowerScale F600 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2022-36763, CVE-2022-36764,  Isilon F800 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 PowerScale F900 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 PowerScale P100 PowerScale Node Firmware Package Versions prior to 12.1 Version 12.1 or later PowerScale OneFS Downloads Area
To identify which nodes require upgrading, please refer to the firmware assessment report. For instructions on completing the assessment and report, please refer to the "Run a firmware assessment" section in PowerScale Node Firmware Package 12.1 Release Notes (dell.com).

Due to the NFP installation issue with parallel upgrade, customers are advised not to perform parallel upgrades.

Soluciones alternativas y mitigaciones

CVE Workaround/Mitigations
CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237 The critical CVEs are only applicable to PowerScale platforms with iDRAC, that have been configured to use PXE boot.

Historial de revisiones

RevisionDateDescription
1.02024-03-04Initial Release
2.02024-04-10Added CVE-2024-0172 to the DSA
3.02024-04-12Updated for enhanced presentation with no changes to content

Información relacionada

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Descargo de responsabilidad

Productos afectados

PowerScale, Isilon A200, Isilon A2000, Isilon H400, Isilon H500, Isilon H5600, Isilon H600, PowerScale OneFS, PowerScale Archive A300, PowerScale Archive A3000, PowerScale B100, PowerScale F200, PowerScale F210, PowerScale F600, PowerScale F710 , PowerScale F900, PowerScale Hybrid H700, PowerScale Hybrid H7000, PowerScale P100 ...

Productos

PowerScale OneFS
Propiedades del artículo
Número del artículo: 000222692
Tipo de artículo: Dell Security Advisory
Última modificación: 19 sept 2025
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.