DSA-2024-090: Security Update for Dell PowerScale OneFS for Multiple Security Vulnerabilities
Résumé: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities in node firmware that could be exploited by malicious users to compromise the affected system.
Cet article concerne
Cet article ne concerne pas
Cet article n’est associé à aucun produit spécifique.
Toutes les versions du produit ne sont pas identifiées dans cet article.
Impact
Critical
Détails
| Third-Party Component | CVEs | More Information |
|---|---|---|
| Dell PowerEdge BIOS | CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2022-36763, CVE-2022-36764, CVE-2023-32460, CVE-2024-0172 | DSA-2023-357, DSA-2023-361, DSA-2024-035, INTEL-SA-00828 ,INTEL-SA-00813 |
Produits concernés et mesure corrective
| CVEs | Product | Software/Firmware | Affected versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2022-36763, CVE-2022-36764 | Isilon A200 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon A2000 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Archive A300 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Archive A3000 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H400 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H500 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H600 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H5600 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Hybrid H700 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Hybrid H7000 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale B100 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale F200 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale F600 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, | Isilon F800 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale F900 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale P100 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVEs | Product | Software/Firmware | Affected versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2022-36763, CVE-2022-36764 | Isilon A200 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon A2000 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Archive A300 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Archive A3000 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H400 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H500 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H600 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H5600 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Hybrid H700 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Hybrid H7000 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale B100 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale F200 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale F600 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, | Isilon F800 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale F900 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale P100 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
To identify which nodes require upgrading, please refer to the firmware assessment report. For instructions on completing the assessment and report, please refer to the "Run a firmware assessment" section in PowerScale Node Firmware Package 12.1 Release Notes (dell.com).
Due to the NFP installation issue with parallel upgrade, customers are advised not to perform parallel upgrades.
Due to the NFP installation issue with parallel upgrade, customers are advised not to perform parallel upgrades.
Solutions de contournement et mesures d’atténuation
| CVE | Workaround/Mitigations |
|---|---|
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237 | The critical CVEs are only applicable to PowerScale platforms with iDRAC, that have been configured to use PXE boot. |
Historique des révisions
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-03-04 | Initial Release |
| 2.0 | 2024-04-10 | Added CVE-2024-0172 to the DSA |
| 3.0 | 2024-04-12 | Updated for enhanced presentation with no changes to content |
Informations connexes
Mention légale
Produits concernés
PowerScale, Isilon A200, Isilon A2000, Isilon H400, Isilon H500, Isilon H5600, Isilon H600, PowerScale OneFS, PowerScale Archive A300, PowerScale Archive A3000, PowerScale B100, PowerScale F200, PowerScale F210, PowerScale F600, PowerScale F710
, PowerScale F900, PowerScale Hybrid H700, PowerScale Hybrid H7000, PowerScale P100
...
Produits
PowerScale OneFSPropriétés de l’article
Numéro d’article: 000222692
Type d’article: Dell Security Advisory
Dernière modification: 19 sept. 2025
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.