DSA-2021-173: Dell EMC VxFlex Ready Node Security Update for Multiple Vulnerabilities
Sommaire: Dell EMC VxFlex Ready Node contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.
Cet article s’applique à
Cet article ne s’applique pas à
Cet article n’est lié à aucun produit spécifique.
Toutes les versions de produits ne sont pas identifiées dans cet article.
Impact
High
Détails
| Component | CVE(s) | More information |
| Intel BIOS for VxFlex 14G nodes (R640\R740xd\R840) | CVE-2020-24511 | |
| CVE-2020-12358 | ||
| CVE-2020-12360 | ||
| CVE-2020-24486 | ||
| Dell EMC iDRAC for 14G VxFlex Ready nodes (R640\R740xd\R840) | CVE-2021-21576 | |
| CVE-2021-21577 | ||
| CVE-2021-21578 | ||
| CVE-2021-21579 | ||
| CVE-2021-21580 | ||
| CVE-2021-36301 | ||
| CVE-2021-21581 | ||
| CVE-2021-36299 | ||
| Dell EMC iDRAC for 13G ScaleIO Ready nodes (R630\R730xd) | CVE-2021-21580 | |
| CVE-2021-36301 | ||
| VMWare ESXi | CVE-2021-21994 | Workaround: See VMware article KB1025757 |
| CVE-2021-21995 | Workaround: See VMware articleKB76372 |
| Component | CVE(s) | More information |
| Intel BIOS for VxFlex 14G nodes (R640\R740xd\R840) | CVE-2020-24511 | |
| CVE-2020-12358 | ||
| CVE-2020-12360 | ||
| CVE-2020-24486 | ||
| Dell EMC iDRAC for 14G VxFlex Ready nodes (R640\R740xd\R840) | CVE-2021-21576 | |
| CVE-2021-21577 | ||
| CVE-2021-21578 | ||
| CVE-2021-21579 | ||
| CVE-2021-21580 | ||
| CVE-2021-36301 | ||
| CVE-2021-21581 | ||
| CVE-2021-36299 | ||
| Dell EMC iDRAC for 13G ScaleIO Ready nodes (R630\R730xd) | CVE-2021-21580 | |
| CVE-2021-36301 | ||
| VMWare ESXi | CVE-2021-21994 | Workaround: See VMware article KB1025757 |
| CVE-2021-21995 | Workaround: See VMware articleKB76372 |
Produits touchés et correction
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2020-24511 | Dell EMC VxFlex Ready Node(14G) | 14G nodes: R640, R740xd & R840 Firmware matrix prior to DTK and OME packages from December 2020 |
DTK and OME packages from June 2021 or later | Dell EMC VxFlex Ready Node firmware update tools: VxFlex Ready Node Drivers & Downloads File(s) Name
|
| CVE-2020-12358 | ||||
| CVE-2020-12360 | ||||
| CVE-2020-24486 | ||||
| CVE-2021-21576 | ||||
| CVE-2021-21577 | ||||
| CVE-2021-21578 | ||||
| CVE-2021-21579 | ||||
| CVE-2021-21580 | ||||
| CVE-2021-36301 | ||||
| CVE-2021-21581 | ||||
| CVE-2021-36299 | ||||
| CVE-2021-21580 | DELL EMC ScaleIO Ready Node (13G) | 13G nodes: R630, R730xd Firmware matrix prior to DTK and OME packages from June 2021 |
DTK and OME packages from June 2021 or later | Dell EMC VxFlex Ready Node firmware update tools: ScaleIO Ready Node-PowerEdge 13G Drivers & Downloads File(s) Name:
|
| CVE-2021-36301 | ||||
| CVE-2020-24511 | Dell EMC VxFlex Ready Node AMS managed Nodes | 13G nodes: R630, R730xd 14G nodes: R640, R740xd & R840 |
Automated Upgrade | AMS release with this firmware is Part of 3.0.1.6 release. Note: iDRAC upgrade is done manually post upgrade |
| CVE-2020-12358 | ||||
| CVE-2020-12360 | ||||
| CVE-2020-24486 | ||||
| CVE-2021-21576 | ||||
| CVE-2021-21577 | ||||
| CVE-2021-21578 | ||||
| CVE-2021-21579 | ||||
| CVE-2021-21580 | ||||
| CVE-2021-36301 | ||||
| CVE-2021-21581 | ||||
| CVE-2021-36299 | ||||
| CVE-2021-21994 | Dell EMC VxFlex Ready Node OS matrix | 7.0 1d and below 6.7 EP18 and below 6.5 EP23 and below |
ESXi 7.0 Update 2a ESXi 6.7 P05 |
May 2021 Note: ESXi 6.5 was removed from VxFlex Ready Node OS matrix since June 2021 |
| CVE-2021-21995 |
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2020-24511 | Dell EMC VxFlex Ready Node(14G) | 14G nodes: R640, R740xd & R840 Firmware matrix prior to DTK and OME packages from December 2020 |
DTK and OME packages from June 2021 or later | Dell EMC VxFlex Ready Node firmware update tools: VxFlex Ready Node Drivers & Downloads File(s) Name
|
| CVE-2020-12358 | ||||
| CVE-2020-12360 | ||||
| CVE-2020-24486 | ||||
| CVE-2021-21576 | ||||
| CVE-2021-21577 | ||||
| CVE-2021-21578 | ||||
| CVE-2021-21579 | ||||
| CVE-2021-21580 | ||||
| CVE-2021-36301 | ||||
| CVE-2021-21581 | ||||
| CVE-2021-36299 | ||||
| CVE-2021-21580 | DELL EMC ScaleIO Ready Node (13G) | 13G nodes: R630, R730xd Firmware matrix prior to DTK and OME packages from June 2021 |
DTK and OME packages from June 2021 or later | Dell EMC VxFlex Ready Node firmware update tools: ScaleIO Ready Node-PowerEdge 13G Drivers & Downloads File(s) Name:
|
| CVE-2021-36301 | ||||
| CVE-2020-24511 | Dell EMC VxFlex Ready Node AMS managed Nodes | 13G nodes: R630, R730xd 14G nodes: R640, R740xd & R840 |
Automated Upgrade | AMS release with this firmware is Part of 3.0.1.6 release. Note: iDRAC upgrade is done manually post upgrade |
| CVE-2020-12358 | ||||
| CVE-2020-12360 | ||||
| CVE-2020-24486 | ||||
| CVE-2021-21576 | ||||
| CVE-2021-21577 | ||||
| CVE-2021-21578 | ||||
| CVE-2021-21579 | ||||
| CVE-2021-21580 | ||||
| CVE-2021-36301 | ||||
| CVE-2021-21581 | ||||
| CVE-2021-36299 | ||||
| CVE-2021-21994 | Dell EMC VxFlex Ready Node OS matrix | 7.0 1d and below 6.7 EP18 and below 6.5 EP23 and below |
ESXi 7.0 Update 2a ESXi 6.7 P05 |
May 2021 Note: ESXi 6.5 was removed from VxFlex Ready Node OS matrix since June 2021 |
| CVE-2021-21995 |
Solutions de contournement et mesures d’atténuation
- For AMS managed systems—Update iDRAC manually in AMS systems as described in: Upgrade iDRAC after system upgrade
- For AMS managed system—Update BIOS using the standard AMS upgrade process.
- ESXi patches
- For AMS managed systems—Update BIOS using the standard AMS upgrade process
- For NonAMS systems refer to the following guide for update guidelines: Upgrade the operating system to a major ESXi version
Historique de révision
| Revision | Date | Description |
| 1.0 | 2021-10-26 | Initial Release |
Renseignements connexes
Avis de non-responsabilité
Produits touchés
iDRAC9, VxFlex Ready Nodes, Product Security Information, VxFlex Ready Node, ScaleIO Ready Node-PowerEdge 13G, VxFlex Ready Node R640, VxFlex Ready Node R740xd, VxFlex Ready Node R840Propriétés de l’article
Numéro d’article: 000192818
Type d’article: Dell Security Advisory
Dernière modification: 26 oct. 2021
Obtenez des réponses à vos questions auprès d’autre utilisateurs de Dell
Services de soutien
Vérifiez si votre appareil est couvert par les services de soutien.