DSA-2024-090: Security Update for Dell PowerScale OneFS for Multiple Security Vulnerabilities
Zhrnutie: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities in node firmware that could be exploited by malicious users to compromise the affected system.
Tento článok sa vzťahuje na
Tento článok sa nevzťahuje na
Tento článok nie je viazaný na žiadny konkrétny produkt.
V tomto článku nie sú uvedené všetky verzie produktov.
Dosah
Critical
Podrobnosti
| Third-Party Component | CVEs | More Information |
|---|---|---|
| Dell PowerEdge BIOS | CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2022-36763, CVE-2022-36764, CVE-2023-32460, CVE-2024-0172 | DSA-2023-357, DSA-2023-361, DSA-2024-035, INTEL-SA-00828 ,INTEL-SA-00813 |
Dotknuté produkty a riešenie problému
| CVEs | Product | Software/Firmware | Affected versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2022-36763, CVE-2022-36764 | Isilon A200 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon A2000 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Archive A300 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Archive A3000 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H400 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H500 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H600 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H5600 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Hybrid H700 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Hybrid H7000 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale B100 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale F200 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale F600 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, | Isilon F800 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale F900 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale P100 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVEs | Product | Software/Firmware | Affected versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2022-36763, CVE-2022-36764 | Isilon A200 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon A2000 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Archive A300 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Archive A3000 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H400 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H500 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H600 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764 | Isilon H5600 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Hybrid H700 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, CVE-2022-40982 | PowerScale Hybrid H7000 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale B100 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale F200 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale F600 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-36763, CVE-2022-36764, | Isilon F800 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale F900 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237, CVE-2022-43505, CVE-2022-40982, CVE-2023-32460, CVE-2024-0172 | PowerScale P100 | PowerScale Node Firmware Package | Versions prior to 12.1 | Version 12.1 or later | PowerScale OneFS Downloads Area |
To identify which nodes require upgrading, please refer to the firmware assessment report. For instructions on completing the assessment and report, please refer to the "Run a firmware assessment" section in PowerScale Node Firmware Package 12.1 Release Notes (dell.com).
Due to the NFP installation issue with parallel upgrade, customers are advised not to perform parallel upgrades.
Due to the NFP installation issue with parallel upgrade, customers are advised not to perform parallel upgrades.
Alternatívne riešenia a zmiernenia
| CVE | Workaround/Mitigations |
|---|---|
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237 | The critical CVEs are only applicable to PowerScale platforms with iDRAC, that have been configured to use PXE boot. |
História revízií
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-03-04 | Initial Release |
| 2.0 | 2024-04-10 | Added CVE-2024-0172 to the DSA |
| 3.0 | 2024-04-12 | Updated for enhanced presentation with no changes to content |
Súvisiace informácie
Legal Disclaimer
Dotknuté produkty
PowerScale, Isilon A200, Isilon A2000, Isilon H400, Isilon H500, Isilon H5600, Isilon H600, PowerScale OneFS, PowerScale Archive A300, PowerScale Archive A3000, PowerScale B100, PowerScale F200, PowerScale F210, PowerScale F600, PowerScale F710
, PowerScale F900, PowerScale Hybrid H700, PowerScale Hybrid H7000, PowerScale P100
...
Produkty
PowerScale OneFSVlastnosti článku
Číslo článku: 000222692
Typ článku: Dell Security Advisory
Dátum poslednej úpravy: 19 sep 2025
Nájdite odpovede na svoje otázky od ostatných používateľov spoločnosti Dell
Služby podpory
Skontrolujte, či sa na vaše zariadenie vzťahujú služby podpory.