DSA-2023-173: Dell PowerStore Family Security Update for Multiple Vulnerabilities

Zhrnutie: Dell PowerStore Family remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Tento článok sa vzťahuje na Tento článok sa nevzťahuje na Tento článok nie je viazaný na žiadny konkrétny produkt. V tomto článku nie sú uvedené všetky verzie produktov.
Pozrite si ďalšie zdroje

Dosah

Critical

Podrobnosti

Third-party Component CVEs More Information
Apache Shiro CVE-2022-32532, CVE-2022-40664 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
Babel

CVE-2021-42771

 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
binutils CVE-2021-20294, CVE-2021-20284, CVE-2021-20197, CVE-2020-16590, CVE-2020-16591, CVE-2020-16592, CVE-2020-16593, CVE-2020-16599, CVE-2021-3487, CVE-2020-35448, CVE-2020-35493, CVE-2020-35496, CVE-2020-35507 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
bindutils CVE-2022-38177, CVE-2022-38178, CVE-2022-2795 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
Certifi CVE-2022-23491 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
cryptography CVE-2018-10903, CVE-2023-0286, CVE-2023-23931 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
com.google.code.gson CVE-2022-25647 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
Future CVE-2022-40899 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/ This hyperlink is taking you to a website outside of Dell Technologies.
grub2 CVE-2022-28735, CVE-2022-28736, CVE-2022-28737 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
io.netty CVE-2022-24823, CVE-2022-41915, CVE-2022-41881 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
java-11-openjdk CVE-2022-21541, CVE-2022-34169, CVE-2022-21540, CVE-2022-21476, CVE-2022-21443, CVE-2022-21434, CVE-2022-21496, CVE-2022-21426, CVE-2021-35603, CVE-2021-35586, CVE-2021-35567, CVE-2021-35565, CVE-2021-35564, CVE-2021-35561, CVE-2021-35556, CVE-2021-35550, CVE-2021-35559, CVE-2021-35578, CVE-2021-2388, CVE-2021-2369, CVE-2021-2341 July 2022 CPUThis hyperlink is taking you to a website outside of Dell Technologies.April 2022 CPUThis hyperlink is taking you to a website outside of Dell Technologies.October 2021 CPUThis hyperlink is taking you to a website outside of Dell Technologies.July 2021 CPUThis hyperlink is taking you to a website outside of Dell Technologies.
kernel CVE-2022-36280, CVE-2022-38096, CVE-2023-0045, CVE-2023-0590, CVE-2023-0597, CVE-2023-1118, CVE-2023-22995, CVE-2023-23000, CVE-2023-23006, CVE-2023-23559, CVE-2023-26545 SUSE-SU-2023:0778-1This hyperlink is taking you to a website outside of Dell Technologies.
krb5 CVE-2022-42898 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libexpat1 CVE-2022-40674, CVE-2022-43680 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libfreebl3 CVE-2022-31741, CVE-2022-23491, CVE-2022-3479 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libgnutls30 CVE-2021-4209, CVE-2022-2509 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libharfbuzz0 CVE-2022-33068 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libonig4 CVE-2019-13224 CVE-2019-19246, CVE-2019-19204, CVE-2019-19203, CVE-2019-16163 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libpcre2-8-0 CVE-2019-20454, CVE-2022-1587 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libpixman-1-0 CVE-2022-44638 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libpq5 CVE-2022-2625, CVE-2022-41862 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libprotobuf-lite20 CVE-2022-3171 CVE-2022-1941 CVE-2021-22570 CVE-2021-22569 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libksba8 CVE-2022-47629, CVE-2022-3515 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libsasl2 CVE-2019-19906 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libsoftokn3, libsoftokn3-hmac CVE-2022-3479, CVE-2022-23491, CVE-2022-31741 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libtasn1 CVE-2021-46848 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libtirpc3, libtirpc-netconfig CVE-2021-46828 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libxml2-2 CVE-2016-3709, CVE-2022-40303, CVE-2022-40304 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libXpm4 CVE-2022-4883 CVE-2022-46285 CVE-2022-44617 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libxslt1, libxslt-tools CVE-2021-30560 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libz1 CVE-2022-37434 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
mozilla-nss, mozilla-nss-certs CVE-2022-31741, CVE-2022-23491, CVE-2022-3479 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
multipath-tools CVE-2022-41973, CVE-2022-41974 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
NuProcess

CVE-2022-39243

 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2022-2097, CVE-2022-1292, CVE-2022-2068, CVE-2023-0286, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Oxygen XML WebHelp

CVE-2021-46827

 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
paramiko CVE-2018-1000805, CVE-2022-24302 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
postgresql12 CVE-2022-41862 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
psutil CVE-2019-18874 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
pygments CVE-2021-20270, CVE-2021-27291 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Python CVE-2022-45061 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Python3 CVE-2023-24329 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
rsync CVE-2022-29154 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
slf4j-ext CVE-2018-8088 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
sqlite3 CVE-2022-35737 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
strongSwan CVE-2021-45079, CVE-2021-41991, CVE-2021-41990 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
sudo CVE-2022-43995, CVE-2023-22809 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
telnet CVE-2022-39028 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Terracotta Quartz Scheduler CVE-2019-13990 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
twisted CVE-2022-24801, CVE-2022-21712 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
vim, vim-common, vim-data CVE-2022-4292, CVE-2022-3520, CVE-2022-3591, CVE-2022-4141
 
 		 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
vmtools CVE-2022-31676 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
woodstox CVE-2022-40152, CVE-2022-40153 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
xen-libs CVE-2022-42331, CVE-2022-42332, CVE-2022-42333, CVE-2022-42334 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
xterm, xterm-bin CVE-2022-45063 See NVD link below for individual scores for each CVE. 
http://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
 
 

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2023-32449 Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks. 7.2
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2023-32478		 Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure. 9.0
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H
This hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2023-32449 Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks. 7.2
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2023-32478		 Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure. 9.0
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H
This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies odporúča všetkým svojim zákazníkom, aby sa riadili nielen základným skóre CVSS, ale aj prechodným skóre a skóre závažnosti v konkrétnych prostrediach, na základe ktorého môžu vyhodnotiť celkové riziko vo vlastnom prostredí.

Dotknuté produkty a riešenie problému

Product Software/Firmware Affected Versions Remediated Versions Link
PowerStore 500T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-500t/drivers
PowerStore 1000T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-1000t/drivers
PowerStore 1200T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-1200t/drivers
PowerStore 3000T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-3000t/drivers
PowerStore 3200T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-3200t/drivers
PowerStore 5000T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-5000t/drivers
PowerStore 5200T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-5200t/drivers
PowerStore 7000T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-7000t/drivers
PowerStore 9000T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-9000t/drivers
PowerStore 9200T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-9200t/drivers
Product Software/Firmware Affected Versions Remediated Versions Link
PowerStore 500T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-500t/drivers
PowerStore 1000T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-1000t/drivers
PowerStore 1200T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-1200t/drivers
PowerStore 3000T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-3000t/drivers
PowerStore 3200T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-3200t/drivers
PowerStore 5000T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-5000t/drivers
PowerStore 5200T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-5200t/drivers
PowerStore 7000T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-7000t/drivers
PowerStore 9000T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-9000t/drivers
PowerStore 9200T PowerStoreT OS Versions prior to 3.5.0.1-2083289 Version 3.5.0.1-2083289 https://www.dell.com/support/home/product-support/product/powerstore-9200t/drivers
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

História revízií

RevisionDateDescription
1.02023-06-20Initial Release
2.02023-07-20Added additional Third-party components, Added additional Proprietary CVE, Updated Affected Product and Remediation Table
3.02023-07-20Updated CVSS Base Score and CVSS Vector String for CVE-2023-32478
4.02024-01-08Updated for enhanced presentation with no change to content
5.02024-04-29Updated for enhanced presentation with no change to content
6.02024-06-12Updated for enhanced presentation with no change to content
7.02024-06-13Updated for enhanced presentation with no change to content

Súvisiace informácie

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Dotknuté produkty

PowerStore 1000T, PowerStore 1200T, PowerStore 3000T, PowerStore 3200T, PowerStore 5000T, PowerStore 500T, PowerStore 5200T, PowerStore 7000T, PowerStore 9000T, PowerStore 9200T
Vlastnosti článku
Číslo článku: 000215171
Typ článku: Dell Security Advisory
Dátum poslednej úpravy: 13 jún 2024
Nájdite odpovede na svoje otázky od ostatných používateľov spoločnosti Dell
Služby podpory
Skontrolujte, či sa na vaše zariadenie vzťahujú služby podpory.