DSA-2021-149: Dell EMC PowerFlex rack Security Update for Multiple Third-party Component Vulnerabilities

摘要: Dell EMC PowerFlex rack contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

影响

详情

受影响的产品和补救措施

修订历史记录

法律免责声明

受影响的产品

提供反馈

本文适用于本文不适用于本文并非针对某种特定的产品。本文并非包含所有产品版本。

查看其他资源

影响

Critical

详情

Third-Party Component	CVEs	More information
VMware vCenter Server	CVE-2021-21985	VMSA-2021-0010
VMware vCenter Server	CVE-2021-21986	VMSA-2021-0010
VMware ESXi	CVE-2021-21994	VMSA-2021-0014
VMware ESXi	CVE-2021-21995	VMSA-2021-0014
Dell Server BIOS Firmware (Intel)	CVE-2020-24511	INTEL-SA-00463 INTEL-SA-00464
	CVE-2020-12358
	CVE-2020-12360
	CVE-2020-24486
Dell Server iDRAC	CVE-2020-26198	DSA-2020-268
	CVE- 2021-21510
Cisco Nexus Switch	CVE-2021-1368	cisco-sa-nxos-udld-rce-xetH6w35
PowerFlex Manager	CVE-1999-0170

Third-Party Component	CVEs	More information
VMware vCenter Server	CVE-2021-21985	VMSA-2021-0010
VMware vCenter Server	CVE-2021-21986	VMSA-2021-0010
VMware ESXi	CVE-2021-21994	VMSA-2021-0014
VMware ESXi	CVE-2021-21995	VMSA-2021-0014
Dell Server BIOS Firmware (Intel)	CVE-2020-24511	INTEL-SA-00463 INTEL-SA-00464
	CVE-2020-12358
	CVE-2020-12360
	CVE-2020-24486
Dell Server iDRAC	CVE-2020-26198	DSA-2020-268
	CVE- 2021-21510
Cisco Nexus Switch	CVE-2021-1368	cisco-sa-nxos-udld-rce-xetH6w35
PowerFlex Manager	CVE-1999-0170

Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数，这可能会影响与特定安全漏洞相关的潜在严重程度。

受影响的产品和补救措施

CVEs Addressed	Product	Affected Versions	Updated Versions	Fix package include in RCM
CVE-2021-21985	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	vCSA 6.5 Update 3p (Build Number 17994927)
		Versions before 3.4.5.0	3.4.5.0	vCSA 6.5 Update 3p (Build Number 17994927)
		Versions before 3.5.5.0	3.5.5.0	vCSA 6.7 Update 3n (Build Number 18010531, Client/MOB/vpxd.log 18010599)
		Versions before 3.6.1.0	3.6.1.0	vCSA 7.0 update 2b (Build Number 17958471, Client/MOB/vpxd.log 17958471)
CVE-2021-21986	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	vCSA 6.5 Update 3p (Build Number 17994927)
		Versions before 3.4.5.0	3.4.5.0	vCSA 6.5 Update 3p (Build Number 17994927)
		Versions before 3.5.5.0	3.5.5.0	vCSA 6.7 Update 3n (Build Number 18010531, Client/MOB/vpxd.log 18010599)
		Versions before 3.6.1.0	3.6.1.0	vCSA 7.0 update 2b (Build Number 17958471, Client/MOB/vpxd.log 17958471)
CVE-2020-24511	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.4.5.0	3.4.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.5.5.0	3.5.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.6.1.0	3.6.1.0	Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-12358	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.4.5.0	3.4.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.5.5.0	3.5.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.6.1.0	3.6.1.0	Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-12360	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.4.5.0	3.4.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.5.5.0	3.5.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.6.1.0	3.6.1.0	Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-24486	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.4.5.0	3.4.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.5.5.0	3.5.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.6.1.0	3.6.1.0	Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-26198	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
		Versions before 3.4.5.0	3.4.5.0	Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
		Versions before 3.5.5.0	3.5.5.0	Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
		Versions before 3.6.1.0	3.6.1.0	Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
CVE- 2021-21510	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	iDRAC / Lifecycle Controller Firmware - 2.80.80.80
		Versions before 3.4.5.0	3.4.5.0	iDRAC / Lifecycle Controller Firmware - 2.80.80.80
		Versions before 3.5.5.0	3.5.5.0	iDRAC / Lifecycle Controller Firmware - 2.80.80.80
		Versions before 3.6.1.0	3.6.1.0	iDRAC / Lifecycle Controller Firmware - 2.80.80.80
CVE-2021-1368	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	9.3(7)
CVE-2021-21994	PowerFlex rack	Versions before 3.6.1.0	3.6.1.0	ESXi 7.0 Update 2a (Build Number 17867351)
CVE-2021-21995	PowerFlex rack	Versions before 3.6.1.0	3.6.1.0	ESXi 7.0 Update 2a (Build Number 17867351)
CVE-1999-0170	PowerFlex rack	All RCM trains before 3.3.10.0, 3.4.5.0, 3.5.5.0, and 3.6.1.0	3.3.10.0 3.4.5.0 3.5.5.0 3.6.1.0	PowerFlex Manager version 3.7.0-7776

Links to update:
For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home

For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417

CVEs Addressed	Product	Affected Versions	Updated Versions	Fix package include in RCM
CVE-2021-21985	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	vCSA 6.5 Update 3p (Build Number 17994927)
		Versions before 3.4.5.0	3.4.5.0	vCSA 6.5 Update 3p (Build Number 17994927)
		Versions before 3.5.5.0	3.5.5.0	vCSA 6.7 Update 3n (Build Number 18010531, Client/MOB/vpxd.log 18010599)
		Versions before 3.6.1.0	3.6.1.0	vCSA 7.0 update 2b (Build Number 17958471, Client/MOB/vpxd.log 17958471)
CVE-2021-21986	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	vCSA 6.5 Update 3p (Build Number 17994927)
		Versions before 3.4.5.0	3.4.5.0	vCSA 6.5 Update 3p (Build Number 17994927)
		Versions before 3.5.5.0	3.5.5.0	vCSA 6.7 Update 3n (Build Number 18010531, Client/MOB/vpxd.log 18010599)
		Versions before 3.6.1.0	3.6.1.0	vCSA 7.0 update 2b (Build Number 17958471, Client/MOB/vpxd.log 17958471)
CVE-2020-24511	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.4.5.0	3.4.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.5.5.0	3.5.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.6.1.0	3.6.1.0	Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-12358	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.4.5.0	3.4.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.5.5.0	3.5.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.6.1.0	3.6.1.0	Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-12360	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.4.5.0	3.4.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.5.5.0	3.5.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.6.1.0	3.6.1.0	Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-24486	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.4.5.0	3.4.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.5.5.0	3.5.5.0	Dell Server BIOS Firmware (14G) - 2.11.2
		Versions before 3.6.1.0	3.6.1.0	Dell Server BIOS Firmware (14G) - 2.11.2
CVE-2020-26198	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
		Versions before 3.4.5.0	3.4.5.0	Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
		Versions before 3.5.5.0	3.5.5.0	Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
		Versions before 3.6.1.0	3.6.1.0	Dell Server iDRAC / Lifecycle Controller Firmware -4.40.10.00
CVE- 2021-21510	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	iDRAC / Lifecycle Controller Firmware - 2.80.80.80
		Versions before 3.4.5.0	3.4.5.0	iDRAC / Lifecycle Controller Firmware - 2.80.80.80
		Versions before 3.5.5.0	3.5.5.0	iDRAC / Lifecycle Controller Firmware - 2.80.80.80
		Versions before 3.6.1.0	3.6.1.0	iDRAC / Lifecycle Controller Firmware - 2.80.80.80
CVE-2021-1368	PowerFlex rack	Versions before 3.3.10.0	3.3.10.0	9.3(7)
CVE-2021-21994	PowerFlex rack	Versions before 3.6.1.0	3.6.1.0	ESXi 7.0 Update 2a (Build Number 17867351)
CVE-2021-21995	PowerFlex rack	Versions before 3.6.1.0	3.6.1.0	ESXi 7.0 Update 2a (Build Number 17867351)
CVE-1999-0170	PowerFlex rack	All RCM trains before 3.3.10.0, 3.4.5.0, 3.5.5.0, and 3.6.1.0	3.3.10.0 3.4.5.0 3.5.5.0 3.6.1.0	PowerFlex Manager version 3.7.0-7776

Links to update:
For RCM release information: https://cpsdocs.dellemc.com/rcm/#/home

For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417

修订历史记录

Revision	Date	Description
1.0	2021-08-03	Initial Release

法律免责声明

受影响的产品

PowerFlex rack, Product Security Information, PowerFlex Software

文章编号: 000190192

文章类型: Dell Security Advisory

上次修改时间: 03 8月 2021

DSA-2021-149: Dell EMC PowerFlex rack Security Update for Multiple Third-party Component Vulnerabilities

摘要: Dell EMC PowerFlex rack contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

影响

详情

受影响的产品和补救措施

修订历史记录

相关信息

法律免责声明

受影响的产品

影响

详情

受影响的产品和补救措施

修订历史记录

相关信息

法律免责声明

受影响的产品

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

DSA-2021-149: Dell EMC PowerFlex rack Security Update for Multiple Third-party Component Vulnerabilities

摘要: Dell EMC PowerFlex rack contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

详细文章

影响

详情

受影响的产品和补救措施

修订历史记录

相关信息

法律免责声明

受影响的产品

影响

详情

受影响的产品和补救措施

修订历史记录

相关信息

法律免责声明

受影响的产品

文章属性

从其他戴尔用户那里查找问题的答案

支持服务

文章属性

从其他戴尔用户那里查找问题的答案

支持服务