DSA-2021-253: Dell EMC PowerFlex Rack Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell EMC PowerFlex rack remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Bu makale şunlar için geçerlidir: Bu makale şunlar için geçerli değildir: Bu makale, belirli bir ürüne bağlı değildir. Bu makalede tüm ürün sürümleri tanımlanmamıştır.
Diğer kaynaklara göz atın

Impact

Critical

Details

Component CVEs More information
vCenter Server CVE-2021-21991 VMSA-2021-0020
CVE-2021-21992
CVE-2021-21993
CVE-2021-22005
CVE-2021-22006
CVE-2021-22007
CVE-2021-22008
CVE-2021-22009
CVE-2021-22010
CVE-2021-22011
CVE-2021-22012
CVE-2021-22013
CVE-2021-22014
CVE-2021-22015
CVE-2021-22016
CVE-2021-22017
CVE-2021-22019
CVE-2021-22020
Dell Server BIOS Firmware CVE-2019-14553 KB article 191303: DSA-2021-176: Dell PowerEdge Server BIOS EDK II Vulnerability.
Cisco Switches CVE-2021-34714 cisco-sa-ios-nxos-xr-udld-dos-W5hGHgtQ
CVE-2021-1590 cisco-sa-nxos-login-blockfor-RwjGVEcu
CVE-2021-1588 cisco-sa-nxos-mpls-oam-dos-sGO9x5GM
CVE-2021-1587 cisco-sa-nxos-ngoam-dos-LTDb9Hv
CVE-2019-1858 cisco-sa-20190515-nxos-snmp-dos
CVE-2019-1735 cisco-sa-20190515-nxos-cmdinj-1735
CVE-2019-1728 cisco-sa-20190515-nxos-conf-bypass
CVE-2019-1727 cisco-sa-20190515-nxos-pyth-escal
CVE-2019-1726 cisco-sa-20190515-nxos-cli-bypass
PowerFlex Manager CVE-2021-36345  
CVE-2004-2761
Component CVEs More information
vCenter Server CVE-2021-21991 VMSA-2021-0020
CVE-2021-21992
CVE-2021-21993
CVE-2021-22005
CVE-2021-22006
CVE-2021-22007
CVE-2021-22008
CVE-2021-22009
CVE-2021-22010
CVE-2021-22011
CVE-2021-22012
CVE-2021-22013
CVE-2021-22014
CVE-2021-22015
CVE-2021-22016
CVE-2021-22017
CVE-2021-22019
CVE-2021-22020
Dell Server BIOS Firmware CVE-2019-14553 KB article 191303: DSA-2021-176: Dell PowerEdge Server BIOS EDK II Vulnerability.
Cisco Switches CVE-2021-34714 cisco-sa-ios-nxos-xr-udld-dos-W5hGHgtQ
CVE-2021-1590 cisco-sa-nxos-login-blockfor-RwjGVEcu
CVE-2021-1588 cisco-sa-nxos-mpls-oam-dos-sGO9x5GM
CVE-2021-1587 cisco-sa-nxos-ngoam-dos-LTDb9Hv
CVE-2019-1858 cisco-sa-20190515-nxos-snmp-dos
CVE-2019-1735 cisco-sa-20190515-nxos-cmdinj-1735
CVE-2019-1728 cisco-sa-20190515-nxos-conf-bypass
CVE-2019-1727 cisco-sa-20190515-nxos-pyth-escal
CVE-2019-1726 cisco-sa-20190515-nxos-cli-bypass
PowerFlex Manager CVE-2021-36345  
CVE-2004-2761
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Etkilenen Ürünler ve Düzeltme

CVEs Addressed Product Affected Versions Updated Versions Fix package included in RCM
CVE-2021-21991 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 6.5 U3q (6.5.0.37000) 2021-09-21 18499837
CVE-2021-21992 Versions before 3.4.6.0 3.4.6.0 6.5 U3q Build number (18499837)
CVE-2021-21993 Versions before 3.5.6.0 3.5.6.0 6.7 Update 3o (6.7.0.50000)18485166 18485185
CVE-2021-22005
CVE-2021-22006
CVE-2021-22007
CVE-2021-22008
CVE-2021-22009
CVE-2021-22010
CVE-2021-22011
CVE-2021-22012
CVE-2021-22013
CVE-2021-22014
CVE-2021-22015
CVE-2021-22016
CVE-2021-22017
CVE-2021-22019
CVE-2021-22020
CVE-2019-14553  PowerFlex rack Versions before 3.3.11.0 3.3.11.0 BIOS Firmware 14G 2.12.2
Versions before 3.4.6.0 3.4.6.0 BIOS Firmware 14G 2.12.2
Versions before 3.5.6.0 3.5.6.0 BIOS Firmware 14G 2.12.2
CVE-2021-34714 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 Cisco Nexus OS 9.3(8)
CVE-2021-1590 Versions before 3.4.6.0 3.4.6.0 Cisco Nexus OS 9.3(8)
CVE-2021-1588 Versions before 3.5.6.0 3.5.6.0 Cisco Nexus OS 9.3(8)
CVE-2021-1587
CVE-2019-1858
CVE-2019-1735
CVE-2019-1728
CVE-2019-1727
CVE-2019-1726
CVE-2021-36345 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.4.6.0 3.4.6.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.5.6.0 3.5.6.0 PowerFlex Manager Version 3.8.0, Build 8173
CVE-2004-2761 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.4.6.0 3.4.6.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.5.6.0 3.5.6.0 PowerFlex Manager Version 3.8.0, Build 8173

Links to update:
For RCM release information: https://cicodeportal.dell.com/#/home
For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
CVEs Addressed Product Affected Versions Updated Versions Fix package included in RCM
CVE-2021-21991 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 6.5 U3q (6.5.0.37000) 2021-09-21 18499837
CVE-2021-21992 Versions before 3.4.6.0 3.4.6.0 6.5 U3q Build number (18499837)
CVE-2021-21993 Versions before 3.5.6.0 3.5.6.0 6.7 Update 3o (6.7.0.50000)18485166 18485185
CVE-2021-22005
CVE-2021-22006
CVE-2021-22007
CVE-2021-22008
CVE-2021-22009
CVE-2021-22010
CVE-2021-22011
CVE-2021-22012
CVE-2021-22013
CVE-2021-22014
CVE-2021-22015
CVE-2021-22016
CVE-2021-22017
CVE-2021-22019
CVE-2021-22020
CVE-2019-14553  PowerFlex rack Versions before 3.3.11.0 3.3.11.0 BIOS Firmware 14G 2.12.2
Versions before 3.4.6.0 3.4.6.0 BIOS Firmware 14G 2.12.2
Versions before 3.5.6.0 3.5.6.0 BIOS Firmware 14G 2.12.2
CVE-2021-34714 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 Cisco Nexus OS 9.3(8)
CVE-2021-1590 Versions before 3.4.6.0 3.4.6.0 Cisco Nexus OS 9.3(8)
CVE-2021-1588 Versions before 3.5.6.0 3.5.6.0 Cisco Nexus OS 9.3(8)
CVE-2021-1587
CVE-2019-1858
CVE-2019-1735
CVE-2019-1728
CVE-2019-1727
CVE-2019-1726
CVE-2021-36345 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.4.6.0 3.4.6.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.5.6.0 3.5.6.0 PowerFlex Manager Version 3.8.0, Build 8173
CVE-2004-2761 PowerFlex rack Versions before 3.3.11.0 3.3.11.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.4.6.0 3.4.6.0 PowerFlex Manager Version 3.8.0, Build 8173
Versions before 3.5.6.0 3.5.6.0 PowerFlex Manager Version 3.8.0, Build 8173

Links to update:
For RCM release information: https://cicodeportal.dell.com/#/home
For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417

Revision History

RevisionDateDescription
1.02021-12-03Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Yasal Uyarı

Etkilenen Ürünler

PowerFlex rack, Product Security Information, PowerFlex Software
Makale Özellikleri
Article Number: 000194091
Article Type: Dell Security Advisory
Son Değiştirme: 03 Ara 2021
Sorularınıza diğer Dell kullanıcılarından yanıtlar bulun
Destek Hizmetleri
Aygıtınızın Destek Hizmetleri kapsamında olup olmadığını kontrol edin.