DSA-2024-455: Security Update for Dell PowerScale OneFS for Multiple Security Vulnerabilities
概要: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
この記事は次に適用されます:
この記事は次には適用されません:
この記事は、特定の製品に関連付けられていません。
すべての製品パージョンがこの記事に記載されているわけではありません。
影響
High
詳細
| Third-Party Component | CVEs | More information |
| BIOS | CVE-2021-33164, CVE-2024-24853, CVE-2023-39538, CVE-2023-39539, CVE-2024-21781 | https://nvd.nist.gov/ |
| iDRAC | CVE-2024-45762 | https://nvd.nist.gov/ |
| Dell SmartFabric OS10 | CVE-2022-1012,CVE-2022-21123,CVE-2022-21125,CVE-2022-21166,CVE-2022-32296 | https://nvd.nist.gov/ |
影響を受ける製品と修復
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2021-33164, CVE-2024-24853, CVE-2023-39538, CVE-2023-39539, CVE-2024-21781 | PowerScale Archive A300 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2021-33164, CVE-2024-24853, CVE-2023-39538, CVE-2023-39539, CVE-2024-21781 | PowerScale Archive A3000 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2021-33164, CVE-2024-24853, CVE-2023-39538, CVE-2023-39539, CVE-2024-21781 | PowerScale Hybrid H700 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2021-33164, CVE-2024-24853, CVE-2023-39538, CVE-2023-39539, CVE-2024-21781 | PowerScale Hybrid H7000 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale F200 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale F600 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale F900 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale B100 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale P100 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-1012, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-32296 | PowerScale OneFS with Dell PowerSwitch: Z9100, Z9264, S5232, S4112, S4148; Leaf/Spine (LS): Z9100, S5232, Z9264 | DNOS | Versions 8.2.0 through 9.10.0 | Version 10.5.5.5 or later | Please contact Dell support. |
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2021-33164, CVE-2024-24853, CVE-2023-39538, CVE-2023-39539, CVE-2024-21781 | PowerScale Archive A300 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2021-33164, CVE-2024-24853, CVE-2023-39538, CVE-2023-39539, CVE-2024-21781 | PowerScale Archive A3000 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2021-33164, CVE-2024-24853, CVE-2023-39538, CVE-2023-39539, CVE-2024-21781 | PowerScale Hybrid H700 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2021-33164, CVE-2024-24853, CVE-2023-39538, CVE-2023-39539, CVE-2024-21781 | PowerScale Hybrid H7000 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale F200 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale F600 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale F900 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale B100 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale P100 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-1012, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-32296 | PowerScale OneFS with Dell PowerSwitch: Z9100, Z9264, S5232, S4112, S4148; Leaf/Spine (LS): Z9100, S5232, Z9264 | DNOS | Versions 8.2.0 through 9.10.0 | Version 10.5.5.5 or later | Please contact Dell support. |
Note:
- We encourage all customers to upgrade to the remediated versions, if an upgrade is not feasible, we recommend customers to review the CVE details further to more accurately determine potential risk to their environment.
- To identify which nodes require upgrading, please refer to the firmware assessment report. For instructions on completing the assessment and report, please refer to the "Run a firmware assessment" section in PowerScale Node Firmware Package 12.4 Release Notes documented in Firmware - PowerScale Info Hub.
- Due to the NFP installation issue with parallel upgrade, customers are advised not to perform parallel upgrades.
- The following PowerScale OneFS with Dell Networking switch running Networking OS10 firmware version 10.5.5.5 or prior :
- Top Of Rack (Flat):Z9100, Z9264, S5232, S4112, S4148
- Leaf/Spine (LS): Z9100, S5232, Z9264
変更履歴
|
Revision |
Date |
Description |
|---|---|---|
|
1.0 |
2024-12-16 |
Initial Release |
|
2.0 |
2024-12-30 |
major update |
|
3.0 |
2024-12-30 |
formatting update with no content changes |
|
4.0 |
2025-02-06 |
major update: NFP 12.4.2 with iDRAC related CVEs and associated remediations added |
|
5.0 |
2025-07-23 |
Updated for enhanced presentation |
関連情報
法的免責事項
対象製品
PowerScale Archive A300, PowerScale Archive A3000, PowerScale B100, PowerScale F200, PowerScale F600, PowerScale F900, PowerScale Hybrid H700, PowerScale Hybrid H7000, PowerScale P100, PowerScale Switch S4112F, PowerScale Switch S4148F
, PowerScale Switch S5232F, PowerScale Switch Z9100, PowerScale Switch Z9264
...
文書のプロパティ
文書番号: 000260794
文書の種類: Dell Security Advisory
最終更新: 23 7月 2025
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。