DSA-2021-149: Dell EMC PowerFlex rack Security Update for Multiple Third-party Component Vulnerabilities

Resumen: Dell EMC PowerFlex rack contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Este artículo se aplica a Este artículo no se aplica a Este artículo no está vinculado a ningún producto específico. No se identifican todas las versiones del producto en este artículo.
Consulte estos recursos

Impacto

Critical

Detalles

Third-Party Component CVEs More information
VMware vCenter Server CVE-2021-21985 VMSA-2021-0010
CVE-2021-21986
VMware ESXi CVE-2021-21994 VMSA-2021-0014
CVE-2021-21995
Dell Server BIOS Firmware (Intel) CVE-2020-24511 INTEL-SA-00463
INTEL-SA-00464
 
CVE-2020-12358
CVE-2020-12360
CVE-2020-24486
Dell Server iDRAC CVE-2020-26198 DSA-2020-268
  CVE- 2021-21510  
Cisco Nexus Switch CVE-2021-1368 cisco-sa-nxos-udld-rce-xetH6w35
PowerFlex Manager CVE-1999-0170  
Third-Party Component CVEs More information
VMware vCenter Server CVE-2021-21985 VMSA-2021-0010
CVE-2021-21986
VMware ESXi CVE-2021-21994 VMSA-2021-0014
CVE-2021-21995
Dell Server BIOS Firmware (Intel) CVE-2020-24511 INTEL-SA-00463
INTEL-SA-00464
 
CVE-2020-12358
CVE-2020-12360
CVE-2020-24486
Dell Server iDRAC CVE-2020-26198 DSA-2020-268
  CVE- 2021-21510  
Cisco Nexus Switch CVE-2021-1368 cisco-sa-nxos-udld-rce-xetH6w35
PowerFlex Manager CVE-1999-0170  
Dell Technologies recomienda que todos los clientes tengan en cuenta tanto la puntuación base como cualquier otra puntuación ambiental y temporal relevante que pueda afectar la posible gravedad asociada con la vulnerabilidad de seguridad en particular.

Corrección y productos afectados

CVEs Addressed Product Affected Versions Updated Versions Fix package include in RCM
CVE-2021-21985 PowerFlex rack
 		 Versions before 3.3.10.0 3.3.10.0 vCSA 6.5 Update 3p (Build Number 17994927)
    Versions before 3.4.5.0 3.4.5.0
 		 vCSA 6.5 Update 3p (Build Number 17994927)
    Versions before 3.5.5.0 3.5.5.0
 		 vCSA 6.7 Update 3n (Build Number 18010531, Client/MOB/vpxd.log 18010599)
    Versions before 3.6.1.0 3.6.1.0 vCSA 7.0 update 2b (Build Number 17958471, Client/MOB/vpxd.log 17958471)
CVE-2021-21986 PowerFlex rack
 		 Versions before 3.3.10.0 3.3.10.0 vCSA 6.5 Update 3p (Build Number 17994927)
    Versions before 3.4.5.0 3.4.5.0
 		 vCSA 6.5 Update 3p (Build Number 17994927)
    Versions before 3.5.5.0 3.5.5.0
 		 vCSA 6.7 Update 3n (Build Number 18010531, Client/MOB/vpxd.log 18010599)
    Versions before 3.6.1.0 3.6.1.0 vCSA 7.0 update 2b (Build Number 17958471, Client/MOB/vpxd.log 17958471)
CVE-2020-24511 PowerFlex rack
 		 Versions before 3.3.10.0 3.3.10.0 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.4.5.0 3.4.5.0
 		 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.5.5.0 3.5.5.0
 		 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.6.1.0 3.6.1.0 Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-12358 PowerFlex rack
 		 Versions before 3.3.10.0 3.3.10.0 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.4.5.0 3.4.5.0
 		 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.5.5.0 3.5.5.0
 		 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.6.1.0 3.6.1.0 Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-12360 PowerFlex rack
 		 Versions before 3.3.10.0 3.3.10.0 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.4.5.0 3.4.5.0
 		 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.5.5.0 3.5.5.0
 		 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.6.1.0 3.6.1.0 Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-24486 PowerFlex rack
 		 Versions before 3.3.10.0 3.3.10.0 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.4.5.0 3.4.5.0
 		 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.5.5.0 3.5.5.0
 		 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.6.1.0 3.6.1.0 Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-26198 PowerFlex rack
 		 Versions before 3.3.10.0 3.3.10.0 Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
    Versions before 3.4.5.0 3.4.5.0
 		 Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
    Versions before 3.5.5.0 3.5.5.0
 		 Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
    Versions before 3.6.1.0 3.6.1.0 Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
CVE- 2021-21510 PowerFlex rack
 		 Versions before 3.3.10.0 3.3.10.0 iDRAC / Lifecycle Controller Firmware - 2.80.80.80
    Versions before 3.4.5.0 3.4.5.0 iDRAC / Lifecycle Controller Firmware - 2.80.80.80
    Versions before 3.5.5.0 3.5.5.0 iDRAC / Lifecycle Controller Firmware - 2.80.80.80
    Versions before 3.6.1.0 3.6.1.0 iDRAC / Lifecycle Controller Firmware - 2.80.80.80
CVE-2021-1368 PowerFlex rack
 		 Versions before 3.3.10.0 3.3.10.0 9.3(7)
CVE-2021-21994 PowerFlex rack
 		 Versions before 3.6.1.0 3.6.1.0 ESXi 7.0 Update 2a (Build Number 17867351)
CVE-2021-21995 PowerFlex rack
 		 Versions before 3.6.1.0 3.6.1.0 ESXi 7.0 Update 2a (Build Number 17867351)
CVE-1999-0170 PowerFlex rack
 		 All RCM trains before 3.3.10.0, 3.4.5.0, 3.5.5.0, and 3.6.1.0 3.3.10.0
3.4.5.0
3.5.5.0
3.6.1.0		 PowerFlex Manager version 3.7.0-7776

Links to update:
For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home

For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVEs Addressed Product Affected Versions Updated Versions Fix package include in RCM
CVE-2021-21985 PowerFlex rack
 		 Versions before 3.3.10.0 3.3.10.0 vCSA 6.5 Update 3p (Build Number 17994927)
    Versions before 3.4.5.0 3.4.5.0
 		 vCSA 6.5 Update 3p (Build Number 17994927)
    Versions before 3.5.5.0 3.5.5.0
 		 vCSA 6.7 Update 3n (Build Number 18010531, Client/MOB/vpxd.log 18010599)
    Versions before 3.6.1.0 3.6.1.0 vCSA 7.0 update 2b (Build Number 17958471, Client/MOB/vpxd.log 17958471)
CVE-2021-21986 PowerFlex rack
 		 Versions before 3.3.10.0 3.3.10.0 vCSA 6.5 Update 3p (Build Number 17994927)
    Versions before 3.4.5.0 3.4.5.0
 		 vCSA 6.5 Update 3p (Build Number 17994927)
    Versions before 3.5.5.0 3.5.5.0
 		 vCSA 6.7 Update 3n (Build Number 18010531, Client/MOB/vpxd.log 18010599)
    Versions before 3.6.1.0 3.6.1.0 vCSA 7.0 update 2b (Build Number 17958471, Client/MOB/vpxd.log 17958471)
CVE-2020-24511 PowerFlex rack
 		 Versions before 3.3.10.0 3.3.10.0 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.4.5.0 3.4.5.0
 		 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.5.5.0 3.5.5.0
 		 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.6.1.0 3.6.1.0 Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-12358 PowerFlex rack
 		 Versions before 3.3.10.0 3.3.10.0 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.4.5.0 3.4.5.0
 		 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.5.5.0 3.5.5.0
 		 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.6.1.0 3.6.1.0 Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-12360 PowerFlex rack
 		 Versions before 3.3.10.0 3.3.10.0 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.4.5.0 3.4.5.0
 		 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.5.5.0 3.5.5.0
 		 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.6.1.0 3.6.1.0 Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-24486 PowerFlex rack
 		 Versions before 3.3.10.0 3.3.10.0 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.4.5.0 3.4.5.0
 		 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.5.5.0 3.5.5.0
 		 Dell Server BIOS Firmware (14G) - 2.11.2
    Versions before 3.6.1.0 3.6.1.0 Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-26198 PowerFlex rack
 		 Versions before 3.3.10.0 3.3.10.0 Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
    Versions before 3.4.5.0 3.4.5.0
 		 Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
    Versions before 3.5.5.0 3.5.5.0
 		 Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
    Versions before 3.6.1.0 3.6.1.0 Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
CVE- 2021-21510 PowerFlex rack
 		 Versions before 3.3.10.0 3.3.10.0 iDRAC / Lifecycle Controller Firmware - 2.80.80.80
    Versions before 3.4.5.0 3.4.5.0 iDRAC / Lifecycle Controller Firmware - 2.80.80.80
    Versions before 3.5.5.0 3.5.5.0 iDRAC / Lifecycle Controller Firmware - 2.80.80.80
    Versions before 3.6.1.0 3.6.1.0 iDRAC / Lifecycle Controller Firmware - 2.80.80.80
CVE-2021-1368 PowerFlex rack
 		 Versions before 3.3.10.0 3.3.10.0 9.3(7)
CVE-2021-21994 PowerFlex rack
 		 Versions before 3.6.1.0 3.6.1.0 ESXi 7.0 Update 2a (Build Number 17867351)
CVE-2021-21995 PowerFlex rack
 		 Versions before 3.6.1.0 3.6.1.0 ESXi 7.0 Update 2a (Build Number 17867351)
CVE-1999-0170 PowerFlex rack
 		 All RCM trains before 3.3.10.0, 3.4.5.0, 3.5.5.0, and 3.6.1.0 3.3.10.0
3.4.5.0
3.5.5.0
3.6.1.0		 PowerFlex Manager version 3.7.0-7776

Links to update:
For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home

For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417

Historial de revisiones

RevisionDateDescription
1.02021-08-03Initial Release

Información relacionada

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Descargo de responsabilidad

Productos afectados

PowerFlex rack, Product Security Information, PowerFlex Software
Propiedades del artículo
Número del artículo: 000190192
Tipo de artículo: Dell Security Advisory
Última modificación: 03 ago. 2021
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.