Ana içeriğe atla
  • Hızla ve kolayca sipariş verin
  • Siparişleri görüntüleyin ve kargonuzun durumunu izleyin
  • Ürünlerinizin listesini oluşturun ve listeye erişin
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000198226


DSA-2022-084: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell VxRail remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details
Third-party Component CVEs More Information
VMware vCenter CVE-2022-22948 For more information, see VMware article VMSA-2022-0009
VMware ESXi CVE-2015-5180 CNU C Library
CVE-2015-8777
CVE-2015-8982
CVE-2016-10739
CVE-2016-3706
CVE-2017-1000366
CVE-2018-1000001
CVE-2018-19591
CVE-2019-19126
CVE-2020-10029
CVE-2021-29921 Python third party library
VxM SUSE Vulnerabilities CVE-2020-12762  
CVE-2020-13645
CVE-2020-27820
CVE-2020-27825
CVE-2020-29361
CVE-2020-8927
CVE-2021-0941
CVE-2021-20322
CVE-2021-22600
CVE-2021-23214
CVE-2021-23222
CVE-2021-28711
CVE-2021-28712
CVE-2021-28713
CVE-2021-28714
CVE-2021-28715
CVE-2021-31916
CVE-2021-33098
CVE-2021-3426
CVE-2021-34981
CVE-2021-3572
CVE-2021-37159
CVE-2021-3733
CVE-2021-3737
CVE-2021-39648
CVE-2021-39657
CVE-2021-4001
CVE-2021-4002
CVE-2021-4083
CVE-2021-4104
CVE-2021-4135
CVE-2021-4149
CVE-2021-4197
CVE-2021-4202
CVE-2021-42771
CVE-2021-43389
CVE-2021-43527
CVE-2021-43618
CVE-2021-43784
CVE-2021-43975
CVE-2021-43976
CVE-2021-44733
CVE-2021-45079
CVE-2021-45095
CVE-2021-45417
CVE-2021-45485
CVE-2021-45486
CVE-2021-45960
CVE-2021-46143
CVE-2022-0185
CVE-2022-0322
CVE-2022-0330
CVE-2022-0435
CVE-2022-22822
CVE-2022-22823
CVE-2022-22824
CVE-2022-22825
CVE-2022-22826
CVE-2022-22827
CVE-2022-22942
CVE-2022-23302
CVE-2022-23305
CVE-2022-23307
CVE-2022-23437
CVE-2022-23852
CVE-2022-23990
iDRAC9 CVE-2021-3712 Dell KB article: DSA-2021-259: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities | Dell US
CVE-2021-36347
CVE-2021-36348
iDRAC9 CVE-2022-24422 See Dell KB article: DSA-2022-068 for more information
Spring CVE-2022-22965 Note: VxRail is not impacted by CVE-2022-22963.
PowerEdge EDK2 CVE-2019-14584 Dell KB article: DSA-2022-088
CVE-2021-28210
CVE-2021-28211
Intel Solid State Drive (SSD) CVE-2021-0148 Dell KB article: DSA-2022-027
See Intel workaround below
PowerEdge Server CVE-2021-26312 See Dell KB article: DSA-2022-126 for more details
CVE-2021-26339
CVE-2021-26342
CVE-2021-26347
CVE-2021-26348
CVE-2021-26349
CVE-2021-26350
CVE-2021-26364
CVE-2021-26372
CVE-2021-26373
CVE-2021-26375
CVE-2021-26376
CVE-2021-26378
CVE-2021-26388
Third-party Component CVEs More Information
VMware vCenter CVE-2022-22948 For more information, see VMware article VMSA-2022-0009
VMware ESXi CVE-2015-5180 CNU C Library
CVE-2015-8777
CVE-2015-8982
CVE-2016-10739
CVE-2016-3706
CVE-2017-1000366
CVE-2018-1000001
CVE-2018-19591
CVE-2019-19126
CVE-2020-10029
CVE-2021-29921 Python third party library
VxM SUSE Vulnerabilities CVE-2020-12762  
CVE-2020-13645
CVE-2020-27820
CVE-2020-27825
CVE-2020-29361
CVE-2020-8927
CVE-2021-0941
CVE-2021-20322
CVE-2021-22600
CVE-2021-23214
CVE-2021-23222
CVE-2021-28711
CVE-2021-28712
CVE-2021-28713
CVE-2021-28714
CVE-2021-28715
CVE-2021-31916
CVE-2021-33098
CVE-2021-3426
CVE-2021-34981
CVE-2021-3572
CVE-2021-37159
CVE-2021-3733
CVE-2021-3737
CVE-2021-39648
CVE-2021-39657
CVE-2021-4001
CVE-2021-4002
CVE-2021-4083
CVE-2021-4104
CVE-2021-4135
CVE-2021-4149
CVE-2021-4197
CVE-2021-4202
CVE-2021-42771
CVE-2021-43389
CVE-2021-43527
CVE-2021-43618
CVE-2021-43784
CVE-2021-43975
CVE-2021-43976
CVE-2021-44733
CVE-2021-45079
CVE-2021-45095
CVE-2021-45417
CVE-2021-45485
CVE-2021-45486
CVE-2021-45960
CVE-2021-46143
CVE-2022-0185
CVE-2022-0322
CVE-2022-0330
CVE-2022-0435
CVE-2022-22822
CVE-2022-22823
CVE-2022-22824
CVE-2022-22825
CVE-2022-22826
CVE-2022-22827
CVE-2022-22942
CVE-2022-23302
CVE-2022-23305
CVE-2022-23307
CVE-2022-23437
CVE-2022-23852
CVE-2022-23990
iDRAC9 CVE-2021-3712 Dell KB article: DSA-2021-259: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities | Dell US
CVE-2021-36347
CVE-2021-36348
iDRAC9 CVE-2022-24422 See Dell KB article: DSA-2022-068 for more information
Spring CVE-2022-22965 Note: VxRail is not impacted by CVE-2022-22963.
PowerEdge EDK2 CVE-2019-14584 Dell KB article: DSA-2022-088
CVE-2021-28210
CVE-2021-28211
Intel Solid State Drive (SSD) CVE-2021-0148 Dell KB article: DSA-2022-027
See Intel workaround below
PowerEdge Server CVE-2021-26312 See Dell KB article: DSA-2022-126 for more details
CVE-2021-26339
CVE-2021-26342
CVE-2021-26347
CVE-2021-26348
CVE-2021-26349
CVE-2021-26350
CVE-2021-26364
CVE-2021-26372
CVE-2021-26373
CVE-2021-26375
CVE-2021-26376
CVE-2021-26378
CVE-2021-26388
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products and Remediation
Product Affected Versions Updated Version
Dell VxRail Appliance 7.0.x versions before 7.0.370 7.0.370 (See NOTE in Workarounds and Mitigations section below.)
Product Affected Versions Updated Version
Dell VxRail Appliance 7.0.x versions before 7.0.370 7.0.370 (See NOTE in Workarounds and Mitigations section below.)
Workarounds and Mitigations

NOTE: STIG hardening version 2.0.001 resolves the VMware issue described in VMware article 88055, which blocked STIG hardening of VxRail 7.0.370 and later.  Additionally, if STIG hardening version 2.0.000 or earlier was applied to a VxRail cluster version 7.0.360 or earlier, STIG hardening version 2.0.001 must be applied before upgrading to VxRail 7.0.370 and later.

Caution: If running a STIG hardened VxRail version 7.0.370 or later, follow the steps seen in “Known issues” in the VxRail STIG Hardening Guide. However, if you have already removed the VMware ESXi STIG VIB, you can disregard this caution.

 

Product Affected Versions CVE Identifier Updated Versions Workarounds
Dell VxRail 7.0.x versions before 7.0.370 CVE-2021-0148 7.0.370 INTEL-SA-00535


Revision History

RevisionDateDescription
1.02022-04-12Initial Release
1.1 2022-04-28Added PowerEdge EDK2 CVE and Intel work around
1.22022-05-23Added CVE-2022-24422, PowerEdge Server CVEs, and removed PowerEdge BIOS CVEs
1.32022-07-27Added NOTE regarding VMware issue
1.42022-08-16Edited NOTE in Workaround & Mitigations section regarding STIG package

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product
VxRail, CloudArray Virtual Edition for VxRail Appliance, Product Security Information, VMWare Cloud on Dell EMC VxRail E560F, VMWare Cloud on Dell EMC VxRail E560N, VxRail 460 and 470 Nodes, VxRail Appliance Family, VxRail Appliance Series , VxRail G410, VxRail G Series Nodes, VxRail D Series Nodes, VxRail D560, VxRail D560F, VxRail E Series Nodes, VxRail E460, VxRail E560, VxRail E560 VCF, VxRail E560F, VxRail E560F VCF, VxRail E560N, VxRail E560N VCF, VxRail E660, VxRail E660F, VxRail E660N, VxRail E665F, VxRail E665N, VxRail G560, VxRail G560 VCF, VxRail G560F, VxRail G560F VCF, VxRail Gen2 Hardware, VxRail P Series Nodes, VxRail P470, VxRail P570, VxRail P570 VCF, VxRail P570F, VxRail P570F VCF, VxRail P580N, VxRail P580N VCF, VXRAIL P670F, VxRail P675F, VxRail P675N, VxRail S Series Nodes, VxRail S470, VxRail S570, VxRail S570 VCF, VxRail S670, VxRail Software, VxRail V Series Nodes, VxRail V470, VxRail V570, VxRail V570 VCF, VxRail V570F, VxRail V570F VCF, VXRAIL V670F ...
Last Published Date

18 Ağu 2022

Version

6

Article Type

Dell Security Advisory