DSA-2024-090: Security Update for Dell PowerScale OneFS for Multiple Security Vulnerabilities
Riepilogo: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities in node firmware that could be exploited by malicious users to compromise the affected system.
Questo articolo si applica a
Questo articolo non si applica a
Questo articolo non è legato a un prodotto specifico.
Non tutte le versioni del prodotto sono identificate in questo articolo.
Impatto
Critical
Dettagli
| Third-Party Component | CVEs | More Information |
|---|---|---|
| Dell PowerEdge BIOS | CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2022-36763, CVE-2022-36764, CVE-2023-32460, CVE-2024-0172 | DSA-2023-357, DSA-2023-361, DSA-2024-035, INTEL-SA-00828 ,INTEL-SA-00813 |
Prodotti interessati e correzione
| CVEs | Product | Software/Firmware | Affected versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2022-36763, CVE-2022-36764 | Isilon A200 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon A2000 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Archive A300 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Archive A3000 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H400 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H500 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H600 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H5600 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Hybrid H700 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Hybrid H7000 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale B100 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale F200 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale F600 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, | Isilon F800 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale F900 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale P100 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVEs | Product | Software/Firmware | Affected versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2022-36763, CVE-2022-36764 | Isilon A200 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon A2000 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Archive A300 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Archive A3000 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H400 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H500 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H600 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H5600 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Hybrid H700 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Hybrid H7000 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale B100 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale F200 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale F600 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, | Isilon F800 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale F900 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale P100 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
To identify which nodes require upgrading, please refer to the firmware assessment report. For instructions on completing the assessment and report, please refer to the "Run a firmware assessment" section in PowerScale Node Firmware Package 12.1 Release Notes (dell.com).
Due to the NFP installation issue with parallel upgrade, customers are advised not to perform parallel upgrades.
Due to the NFP installation issue with parallel upgrade, customers are advised not to perform parallel upgrades.
Soluzioni alternative e mitigazioni
| CVE | Workaround/Mitigations |
|---|---|
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237 | The critical CVEs are only applicable to PowerScale platforms with iDRAC, that have been configured to use PXE boot. |
Cronologia delle revisioni
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-03-04 | Initial Release |
| 2.0 | 2024-04-10 | Added CVE-2024-0172 to the DSA |
| 3.0 | 2024-04-12 | Updated for enhanced presentation with no changes to content |
Informazioni correlate
Dichiarazione di non responsabilità
Prodotti interessati
PowerScale, Isilon A200, Isilon A2000, Isilon H400, Isilon H500, Isilon H5600, Isilon H600, PowerScale OneFS, PowerScale Archive A300, PowerScale Archive A3000, PowerScale B100, PowerScale F200, PowerScale F210, PowerScale F600, PowerScale F710
, PowerScale F900, PowerScale Hybrid H700, PowerScale Hybrid H7000, PowerScale P100
...
Prodotti
PowerScale OneFSProprietà dell'articolo
Numero articolo: 000222692
Tipo di articolo: Dell Security Advisory
Ultima modifica: 19 set 2025
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.