DSA-2021-123: Dell PowerScale OneFS Security Update for multiple vulnerabilities
Сводка: Dell PowerScale OneFS remediation is available for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system.
Данная статья применяется к
Данная статья не применяется к
Эта статья не привязана к какому-либо конкретному продукту.
В этой статье указаны не все версии продуктов.
Влияние
Critical
Подробные сведения
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21567 | Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege. Since this also affects Compliance mode, this is a critical vulnerability and Dell recommends upgrading at the earliest opportunity. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Third-party Component | CVE | More information |
| Python | CVE-2021-3177 | See Advisory: Python Issue 42938 |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21567 | Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege. Since this also affects Compliance mode, this is a critical vulnerability and Dell recommends upgrading at the earliest opportunity. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Third-party Component | CVE | More information |
| Python | CVE-2021-3177 | See Advisory: Python Issue 42938 |
Затронутые продукты и исправление
| CVEs Addressed | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-3177 | 8.1.x, 8.2x, 9.0.0.x, and 9.2.0 | Upgrade your version of OneFS | PowerScale Downloads Area |
| 8.1.2, 8.2.2, and 9.1.0.x | Download and install the relevant GA-RUP_2021-06 | ||
| CVE-2021-21567 | 9.0.0.x | Upgrade your version of OneFS | |
| 9.1.0.x | Download and install the relevant GA-RUP_2021-06 |
| CVEs Addressed | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-3177 | 8.1.x, 8.2x, 9.0.0.x, and 9.2.0 | Upgrade your version of OneFS | PowerScale Downloads Area |
| 8.1.2, 8.2.2, and 9.1.0.x | Download and install the relevant GA-RUP_2021-06 | ||
| CVE-2021-21567 | 9.0.0.x | Upgrade your version of OneFS | |
| 9.1.0.x | Download and install the relevant GA-RUP_2021-06 |
История изменений
| Revision | Date | Description |
| 1.0 | 2021-07-12 | Initial Release |
Связанная информация
Правовая оговорка
Затронутые продукты
PowerScale OneFS, Product Security InformationСвойства статьи
Номер статьи: 000189495
Тип статьи: Dell Security Advisory
Последнее изменение: 15 Feb 2022
Получите ответы на свои вопросы от других пользователей Dell
Услуги технической поддержки
Проверьте, распространяются ли на ваше устройство услуги технической поддержки.