
Article Number: 000194640


DSA-2021-226: Dell EMC Unisphere for PowerMax, Dell EMC Unisphere for PowerMax vApp, Dell EMC Solutions Enabler vApp, Dell EMC Unisphere 360, Dell EMC VASA, and Dell EMC PowerMax EMB Mgmt Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell EMC Unisphere for PowerMax, Dell EMC Unisphere for PowerMax Virtual Appliance, Dell EMC Solutions Enabler Virtual Appliance, Dell EMC Unisphere 360, Dell EMC VASA, and Dell EMC PowerMax Embedded Management contain remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

Article Content


Impact

Critical

Details

Proprietary Code CVEs

CVE-2021-36338
Description: Unisphere for PowerMax versions before 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.
CVSS Base Score: 6.3
CVSS Vector String: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

CVE-2021-36339
Description: The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.
CVSS Base Score: 7.8
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
 
Third-party Component CVEs

Component: SLES 12 SP5
CVEs: See SUSE Update Advisories.
More information: See https://www.suse.com/support/update/ for more information on the following SUSE Update Advisories.

SUSE-SU-2021:3290-1
SUSE-SU-2021:3289-1
SUSE-SU-2021:3251-1
SUSE-SU-2021:3215-1
SUSE-SU-2021:3214-1
SUSE-SU-2021:3206-1
SUSE-SU-2021:3180-1
SUSE-SU-2021:3144-1
SUSE-SU-2021:3121-1
SUSE-SU-2021:2995-1
SUSE-SU-2021:2930-1
SUSE-SU-2021:2930-1
SUSE-SU-2021:2917-1
SUSE-SU-2021:2876-1
SUSE-SU-2021:2813-1
SUSE-SU-2021:2808-1
SUSE-SU-2021:2808-1
SUSE-SU-2021:2615-1
SUSE-SU-2021:2590-1
SUSE-SU-2021:2462-1
SUSE-SU-2021:2451-1
SUSE-SU-2021:2424-1
SUSE-SU-2021:2423-1
SUSE-SU-2021:2405-1
SUSE-SU-2021:2236-1
SUSE-SU-2021:1957-1
SUSE-SU-2021:1952-1
SUSE-SU-2021:1646-1
SUSE-SU-2021:1621-1
SUSE-SU-2021:1494-1
SUSE-SU-2021:1468-1
SUSE-SU-2021:1453-1
SUSE-SU-2021:1438-1
SUSE-SU-2021:0693-1
SUSE-SU-2020:0920-2
 
Component: Oracle
CVEs:
CVE-2021-35603
CVE-2021-35588
CVE-2021-35586
CVE-2021-35578
CVE-2021-35567
CVE-2021-35565
CVE-2021-35564
CVE-2021-35561
CVE-2021-35560
CVE-2021-35559
CVE-2021-35556
CVE-2021-35550
CVE-2021-3522
CVE-2021-3517
CVE-2021-27290
More information: See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Component: Windows 10
CVEs:
CVE-2021-41347
CVE-2021-41345
CVE-2021-41343
CVE-2021-41342
CVE-2021-41340
CVE-2021-41338
CVE-2021-41335
CVE-2021-41332
CVE-2021-41331
CVE-2021-41330
CVE-2021-40489
CVE-2021-40488
CVE-2021-40478
CVE-2021-40477
CVE-2021-40476
CVE-2021-40475
CVE-2021-40470
CVE-2021-40467
CVE-2021-40466
CVE-2021-40465
CVE-2021-40464
CVE-2021-40463
CVE-2021-40462
CVE-2021-40460
CVE-2021-40455
CVE-2021-40454
CVE-2021-40450
CVE-2021-40449
CVE-2021-40447
CVE-2021-40444
CVE-2021-40443
CVE-2021-38671
CVE-2021-38667
CVE-2021-38663
CVE-2021-38662
CVE-2021-38639
CVE-2021-38638
CVE-2021-38637
CVE-2021-38636
CVE-2021-38635
CVE-2021-38634
CVE-2021-38633
CVE-2021-38632
CVE-2021-38630
CVE-2021-38629
CVE-2021-38628
CVE-2021-38624
CVE-2021-36975
CVE-2021-36974
CVE-2021-36973
CVE-2021-36972
CVE-2021-36970
CVE-2021-36969
CVE-2021-36967
CVE-2021-36966
CVE-2021-36965
CVE-2021-36964
CVE-2021-36963
CVE-2021-36962
CVE-2021-36961
CVE-2021-36960
CVE-2021-36959
CVE-2021-36958
CVE-2021-36955
CVE-2021-36954
CVE-2021-36953
CVE-2021-36948
CVE-2021-36947
CVE-2021-36938
CVE-2021-36937
CVE-2021-36936
CVE-2021-36933
CVE-2021-36932
CVE-2021-36926
CVE-2021-34537
CVE-2021-34536
CVE-2021-34535
CVE-2021-34534
CVE-2021-34533
CVE-2021-34530
CVE-2021-34487
CVE-2021-34486
CVE-2021-34484
CVE-2021-34483
CVE-2021-34480
CVE-2021-26442
CVE-2021-26441
CVE-2021-26435
CVE-2021-26433
CVE-2021-26432
CVE-2021-26426
CVE-2021-26425
CVE-2021-26424
More information: See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Dell Technologies recommends that all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product: Unisphere for PowerMax
Affected Versions: Versions before 9.1.0.31
Updated Versions: 9.1.0.31; EEM: 9.1.0.860
Link to Update: https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers

Product: Unisphere for PowerMax Virtual Appliance
Affected Versions: Versions before 9.1.0.31
Updated Versions: 9.1.0.31; EEM: 9.1.0.860
Link to Update: https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers

Product: Unisphere for PowerMax
Affected Versions: Versions before 9.2.3.4
Updated Versions: 9.2.3.4; EEM: 9.2.3.10
Link to Update: https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers

Product: Unisphere for PowerMax Virtual Appliance
Affected Versions: Versions before 9.2.3.4
Updated Versions: 9.2.3.4; EEM: 9.2.3.10
Link to Update: https://www.dell.com/support/home/product-support/product/unisphere-powermax/drivers

Product: Unisphere 360
Affected Versions: Versions before 9.1.0.29
Updated Versions: 9.1.0.29
Link to Update: https://www.dell.com/support/home/product-support/product/unisphere-360/drivers

Product: Unisphere 360
Affected Versions: Versions before 9.2.3.3
Updated Versions: 9.2.3.3
Link to Update: https://www.dell.com/support/home/product-support/product/unisphere-360/drivers

Product: Solutions Enabler
Affected Versions: Versions before 9.1.0.18
Updated Versions: 9.1.0.18; EEM: 9.1.0.860
Link to Update: https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers

Product: Solutions Enabler Virtual Appliance
Affected Versions: Versions before 9.1.0.18
Updated Versions: 9.1.0.18; EEM: 9.1.0.860
Link to Update: https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers

Product: Solutions Enabler
Affected Versions: Versions before 9.2.3.0
Updated Versions: 9.2.3.0; EEM: 9.2.3.10
Link to Update: https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers

Product: Solutions Enabler Virtual Appliance
Affected Versions: Versions before 9.2.3.0
Updated Versions: 9.2.3.0; EEM: 9.2.3.10
Link to Update: https://www.dell.com/support/home/product-support/product/solutions-enabler/drivers

Product: VASA
Affected Versions: Versions before 9.1.0.723
Updated Versions: 9.1.0.723
Link to Update: https://www.dell.com/support/home/product-support/product/vasa-provider/drivers

Product: VASA
Affected Versions: Versions before 9.2.3.0
Updated Versions: 9.2.3.0
Link to Update: https://www.dell.com/support/home/product-support/product/vasa-provider/drivers

Product: PowerMax OS
Affected Versions: 5978
Updated Versions: 5978
Link to Update: Request OPT 593570 for Foxtail SR and Hickory SR.
 
 

Acknowledgements

CVE-2021-36338: Dell Technologies would like to thank Mateusz Dąbrowski for reporting this issue.

CVE-2021-36339: Dell Technologies would like to thank Thorsten Tüllmann for reporting this issue.

Revision History

Revision: 1.0
Date: 2021-12-19
Description: PowerMax Q4 2021 Quarterly Security Update



Article Properties


Affected Product

PowerMax, PowerMax, PowerMaxOS 5978, Product Security Information, Solutions Enabler, Solutions Enabler Series, Unisphere 360, Unisphere for PowerMax, VASA Provider

Last Published Date

20 Dec 2021

Version

1

Article Type

Dell Security Advisory