DSA-2023-459: Security Update for Dell PowerScale OneFS for Multiple Third-Party Component Vulnerabilities
Samenvatting: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities in node firmware that could be exploited by malicious users to compromise the affected system.
Dit artikel is van toepassing op
Dit artikel is niet van toepassing op
Dit artikel is niet gebonden aan een specifiek product.
Niet alle productversies worden in dit artikel vermeld.
Impact
Critical
Gegevens
| Third-party Component | CVEs | More Information |
|---|---|---|
| Intel BIOS | CVE-2023-25537, CVE-2023-0215, CVE-2023-0286, CVE-2022-4450, CVE-2022-4304, CVE-2022-32231, CVE-2022-26343, CVE-2021-38578, CVE-2022-0778, CVE-2021-3711, CVE-2021-3712, CVE-2021-30004, CVE-2020-8670, CVE-2017-5715 | DSA-2023-098, DSA-2023-134, INTEL-SA-00717  , DSA-2023-097 |
| Dell SmartFabric OS10 | CVE-2023-28078 | https://nvd.nist.gov/vuln/detail/CVE-2023-28078 |
Getroffen producten en herstel
| CVEs Addressed | Product | Software/Firmware | Affected Version | Remediated Version | Link |
|---|---|---|---|---|---|
| CVE-2023-28078 | PowerScale OneFS with Dell Networking switch running Networking OS10 firmware | DNOS | Versions prior to 10.5.2.13 | 10.5.2.13 | SmartFabric OS10 Drivers & Downloads |
| CVE-2022-0778, CVE-2021-3711, CVE-2021-3712, CVE-2021-30004, CVE-2020-8670 | Isilon A200 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2022-0778, CVE-2021-3711, CVE-2021-3712, CVE-2021-30004, CVE-2020-8670 | Isilon A2000 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2021-30004, CVE-2017-5715 | PowerScale Archive A300 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2021-30004, CVE-2017-5715 | PowerScale Archive A3000 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2023-25537, CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304, CVE-2022-32231, CVE-2022-26343, CVE-2021-38578 | PowerScale B100 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2023-25537, CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304, CVE-2022-32231, CVE-2022-26343, CVE-2021-38578 | PowerScale F200 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2023-25537, CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304, CVE-2022-32231, CVE-2022-26343, CVE-2021-38578 | PowerScale F600 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2022-0778, CVE-2021-3711, CVE-2021-3712, CVE-2021-30004, CVE-2020-8670 | PowerScale F800 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2022-0778, CVE-2021-3711, CVE-2021-3712, CVE-2021-30004, CVE-2020-8670 | PowerScale F810 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2023-0215, CVE-2022-4450, CVE-2023-0286, CVE-2022-4304, CVE-2021-38578, CVE-2023-25537, CVE-2022-32231, CVE-2022-26343 | PowerScale F900 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2022-0778, CVE-2021-3711, CVE-2021-3712, CVE-2021-30004, CVE-2020-8670 | Isilon H400 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2022-0778, CVE-2021-3711, CVE-2021-3712, CVE-2021-30004, CVE-2020-8670 | Isilon H500 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2022-0778, CVE-2021-3711, CVE-2021-3712, CVE-2021-30004, CVE-2020-8670 | Isilon H600 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2022-0778, CVE-2021-3711, CVE-2021-3712, CVE-2021-30004, CVE-2020-8670 | Isilon H5600 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2021-30004, CVE-2017-5715 | PowerScale Hybrid H700 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2021-30004, CVE-2017-5715 | PowerScale Hybrid H7000 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2023-25537, CVE-2023-0215, CVE-2022-4450, CVE-2023-0286, CVE-2022-4304, CVE-2022-32231, CVE-2022-26343, CVE-2021-38578 | PowerScale P100 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVEs Addressed | Product | Software/Firmware | Affected Version | Remediated Version | Link |
|---|---|---|---|---|---|
| CVE-2023-28078 | PowerScale OneFS with Dell Networking switch running Networking OS10 firmware | DNOS | Versions prior to 10.5.2.13 | 10.5.2.13 | SmartFabric OS10 Drivers & Downloads |
| CVE-2022-0778, CVE-2021-3711, CVE-2021-3712, CVE-2021-30004, CVE-2020-8670 | Isilon A200 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2022-0778, CVE-2021-3711, CVE-2021-3712, CVE-2021-30004, CVE-2020-8670 | Isilon A2000 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2021-30004, CVE-2017-5715 | PowerScale Archive A300 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2021-30004, CVE-2017-5715 | PowerScale Archive A3000 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2023-25537, CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304, CVE-2022-32231, CVE-2022-26343, CVE-2021-38578 | PowerScale B100 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2023-25537, CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304, CVE-2022-32231, CVE-2022-26343, CVE-2021-38578 | PowerScale F200 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2023-25537, CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304, CVE-2022-32231, CVE-2022-26343, CVE-2021-38578 | PowerScale F600 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2022-0778, CVE-2021-3711, CVE-2021-3712, CVE-2021-30004, CVE-2020-8670 | PowerScale F800 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2022-0778, CVE-2021-3711, CVE-2021-3712, CVE-2021-30004, CVE-2020-8670 | PowerScale F810 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2023-0215, CVE-2022-4450, CVE-2023-0286, CVE-2022-4304, CVE-2021-38578, CVE-2023-25537, CVE-2022-32231, CVE-2022-26343 | PowerScale F900 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2022-0778, CVE-2021-3711, CVE-2021-3712, CVE-2021-30004, CVE-2020-8670 | Isilon H400 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2022-0778, CVE-2021-3711, CVE-2021-3712, CVE-2021-30004, CVE-2020-8670 | Isilon H500 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2022-0778, CVE-2021-3711, CVE-2021-3712, CVE-2021-30004, CVE-2020-8670 | Isilon H600 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2022-0778, CVE-2021-3711, CVE-2021-3712, CVE-2021-30004, CVE-2020-8670 | Isilon H5600 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2021-30004, CVE-2017-5715 | PowerScale Hybrid H700 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2021-30004, CVE-2017-5715 | PowerScale Hybrid H7000 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
| CVE-2023-25537, CVE-2023-0215, CVE-2022-4450, CVE-2023-0286, CVE-2022-4304, CVE-2022-32231, CVE-2022-26343, CVE-2021-38578 | PowerScale P100 | PowerScale Node Firmware Package | Versions prior to 12.0 | Version 12.0 or later | PowerScale OneFS Downloads Area |
To determine which nodes require the upgrading, view the firmware assessment report. For instructions on completing the assessment and report, see the Run a firmware assessment section in the Release Notes.
CVE-2023-28078 contains PowerScale OneFS Versions from 8.2.x through 9.7.0.x with DNOS version prior to 10.5.2.13
CVE-2023-28078 contains PowerScale OneFS Versions from 8.2.x through 9.7.0.x with DNOS version prior to 10.5.2.13
Revisiegeschiedenis
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-01-04 | Initial Release |
| 2.0 | 2024-01-17 | The CVEs of AMI BIOS and Intel BIOS have been combined into one row |
| 3.0 | 2024-02-26 | Added CVE-2023-28078 to the DSA |
| 4.0 | 2024-05-22 | Updated for enhanced presentation with no changes to content. |
Verwante informatie
Juridische verklaring van afstand
Getroffen producten
PowerScale, Isilon A200, Isilon A2000, Isilon H400, Isilon H500, Isilon H5600, Isilon H600, PowerScale OneFS, PowerScale Archive A300, PowerScale Archive A3000, PowerScale B100, PowerScale F200, PowerScale F600, PowerScale F900
, PowerScale Hybrid H700, PowerScale Hybrid H7000, PowerScale P100
...
Artikeleigenschappen
Artikelnummer: 000220650
Artikeltype: Dell Security Advisory
Laatst aangepast: 23 mei 2024
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.