DSA-2021-123: Dell PowerScale OneFS Security Update for multiple vulnerabilities

Summary: Dell PowerScale OneFS remediation is available for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system.

Bu makale şunlar için geçerlidir: Bu makale şunlar için geçerli değildir: Bu makale, belirli bir ürüne bağlı değildir. Bu makalede tüm ürün sürümleri tanımlanmamıştır.
Diğer kaynaklara göz atın

Impact

Critical

Details

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2021-21567 Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege. Since this also affects Compliance mode, this is a critical vulnerability and Dell recommends upgrading at the earliest opportunity. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
 
Third-party Component CVE More information
Python CVE-2021-3177 See Advisory: Python Issue 42938  
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2021-21567 Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege. Since this also affects Compliance mode, this is a critical vulnerability and Dell recommends upgrading at the earliest opportunity. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
 
Third-party Component CVE More information
Python CVE-2021-3177 See Advisory: Python Issue 42938  
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Etkilenen Ürünler ve Düzeltme

CVEs Addressed  Affected Versions Updated Versions Link to Update
CVE-2021-3177 8.1.x, 8.2x, 9.0.0.x, and 9.2.0 Upgrade your version of OneFS

PowerScale Downloads Area
8.1.2, 8.2.2, and 9.1.0.x Download and install the relevant GA-RUP_2021-06
CVE-2021-21567 9.0.0.x Upgrade your version of OneFS
9.1.0.x Download and install the relevant GA-RUP_2021-06
CVEs Addressed  Affected Versions Updated Versions Link to Update
CVE-2021-3177 8.1.x, 8.2x, 9.0.0.x, and 9.2.0 Upgrade your version of OneFS

PowerScale Downloads Area
8.1.2, 8.2.2, and 9.1.0.x Download and install the relevant GA-RUP_2021-06
CVE-2021-21567 9.0.0.x Upgrade your version of OneFS
9.1.0.x Download and install the relevant GA-RUP_2021-06

Revision History

RevisionDateDescription
1.02021-07-12Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Yasal Uyarı

Etkilenen Ürünler

PowerScale OneFS, Product Security Information
Makale Özellikleri
Article Number: 000189495
Article Type: Dell Security Advisory
Son Değiştirme: 15 Şub 2022
Sorularınıza diğer Dell kullanıcılarından yanıtlar bulun
Destek Hizmetleri
Aygıtınızın Destek Hizmetleri kapsamında olup olmadığını kontrol edin.