
Article Number: 000199050


DSA-2022-021: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for Multiple Vulnerabilities

Summary: Dell Unity, Dell UnityVSA, and Dell Unity XT remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article content


Impact

Critical

Details

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2022-29084 | Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-29085 | Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
 
| Third-party Component | CVEs | More Information |
|---|---|---|
| aide | CVE-2021-45417 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| apache2 | CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943 | |
| Apache-tomcat | CVE-2021-25122, CVE-2021-25329, CVE-2021-30639, CVE-2021-30640, CVE-2021-33037, CVE-2021-41079, CVE-2021-42340 | |
| avahi | CVE-2021-3468 | |
| cyrus-sasl | CVE-2022-24407 | |
| Dell BSAFE™ Micro Edition Suite | CVE-2020-5359, CVE-2020-5360 | See Dell KB DSA-2020-114: https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities for individual scores for each CVE. |
| docker, containerd, runc | CVE-2021-30465, CVE-2021-32760, CVE-2021-41089, CVE-2021-41091, CVE-2021-41092, CVE-2021-41103 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| expat | CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-23990, CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315 | |
| glibc | CVE-2021-33574, CVE-2021-35942 | |
| json-c | CVE-2020-12762 | |
| kernel | CVE-2021-40490 | |
| libesmtp | CVE-2019-19977 | |
| net-snmp | CVE-2018-18065, CVE-2020-15862 | |
| openssl (Unisphere UI) | CVE-2022-0778 | |
| p11-kit | CVE-2020-29361 | |
| polkit | CVE-2021-4034 | |
| python3 | CVE-2021-3426, CVE-2021-3733, CVE-2021-3737 | |
| sqlite3 | CVE-2015-3414, CVE-2015-3415, CVE-2019-19244, CVE-2019-19317, CVE-2019-19603, CVE-2019-19645, CVE-2019-19646, CVE-2019-19880, CVE-2019-19923, CVE-2019-19924, CVE-2019-19925, CVE-2019-19926, CVE-2019-19959, CVE-2019-20218, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358, CVE-2020-9327 | |
| tcpdump | CVE-2018-16301 | |
| tiff | CVE-2017-17095, CVE-2019-17546, CVE-2020-19131, CVE-2020-35521, CVE-2020-35522, CVE-2020-35523, CVE-2020-35524, CVE-2022-22844 | |
| ucode-intel | CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, CVE-2020-24513, CVE-2021-0127, CVE-2021-0145, CVE-2021-0146, CVE-2021-33120 | |
| vim | CVE-2021-3778, CVE-2021-3796, CVE-2021-3872, CVE-2021-3927, CVE-2021-3928, CVE-2021-3984, CVE-2021-4019, CVE-2021-4193, CVE-2021-46059, CVE-2022-0319, CVE-2022-0351, CVE-2022-0361, CVE-2022-0413 | |
| xerces-s | CVE-2018-1311 | |

Dell Technologies recommends that all customers take into account both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of the specific security vulnerabilities.

Affected Products and Remediation

| Products | Affected Versions | Updated Versions | Link to Update |
|---|---|---|---|
| Dell Unity Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 | https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers |
| Dell UnityVSA Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 | |
| Dell Unity XT Operating Environment (OE) | Before 5.2.0.0.5.173 | 5.2.0.0.5.173 | |

Revision History

| Revision | Date | More Information |
|---|---|---|
| 1.0 | 2022-04-29 | Initial Release |

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product

Dell EMC Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600

Product

Product Security Information, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, Dell EMC UnityVSA (Virtual Storage Appliance)

Last Published Date

29 Apr 2022

Version

1

Article Type

Dell Security Advisory