DSA-2024-267: Security Update for Dell PowerScale OneFS for Multiple Security Vulnerabilities
摘要: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
影響
Critical
詳細資料
| Third-Party Component | CVEs | More information |
|---|---|---|
| BIOS | CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-38575, CVE-2023-39368, CVE-2024-0162, CVE-2024-0163 | DSA-2024-004: CVE-2024-0162 DSA-2024-003: CVE-2024-0163 See NVD link below for individual scores for each CVE. https://nvd.nist.gov/  |
| iDRAC | CVE-2023-29499, CVE-2023-48795 | DSA-2024-021: CVE-2023-48795 DSA-2024-286: CVE-2023-29499 See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
受影響的產品與補救措施
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235 | PowerScale Archive A300 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235 | PowerScale Archive A3000 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235 | PowerScale Hybrid H700 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235 | PowerScale Hybrid H7000 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale F200 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale F600 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale F900 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale B100 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale P100 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-38575, CVE-2023-39368, CVE-2023-48795, CVE-2024-0162, CVE-2024-0163 | PowerScale F210 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-38575, CVE-2023-39368, CVE-2023-48795, CVE-2024-0162, CVE-2024-0163 | PowerScale F710 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-38575, CVE-2023-39368, CVE-2023-48795, CVE-2024-0162 and CVE-2024-0163 | PowerScale F910 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235 | PowerScale Archive A300 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235 | PowerScale Archive A3000 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235 | PowerScale Hybrid H700 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235 | PowerScale Hybrid H7000 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale F200 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale F600 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale F900 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale B100 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-29499, CVE-2023-48795 | PowerScale P100 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-38575, CVE-2023-39368, CVE-2023-48795, CVE-2024-0162, CVE-2024-0163 | PowerScale F210 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-38575, CVE-2023-39368, CVE-2023-48795, CVE-2024-0162, CVE-2024-0163 | PowerScale F710 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-38575, CVE-2023-39368, CVE-2023-48795, CVE-2024-0162 and CVE-2024-0163 | PowerScale F910 | PowerScale Node Firmware Package | Versions prior to 12.2 | Version 12.2 or later | PowerScale OneFS Downloads Area |
Caution: Due to the NFP installation issue with parallel upgrades, customers are advised not to perform parallel upgrades.
Note:
- We encourage all customers to upgrade to the remediated versions. If an upgrade is not feasible, we recommend customers review the CVE details further to determine potential risks to their environment more accurately.
- Please refer to the firmware assessment report to identify which nodes require upgrading. For instructions on completing the assessment and report, please refer to the "Run a firmware assessment" section in PowerScale Node Firmware Package 12.2 Release Notes (dell.com).
- CVE-2023-38575, CVE-2023-39368, CVE-2024-0162 and CVE-2024-0163 are only applicable PowerScale 16G.
修訂歷史記錄
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-07-01 | Initial Release |
| 2.0 | 2024-09-11 | Updated for enhanced presentation with no changes to content |
相關資訊
法律免責聲明
受影響的產品
PowerScale OneFS, PowerScale Archive A300, PowerScale Archive A3000, PowerScale B100, PowerScale F200, PowerScale F210, PowerScale F600, PowerScale F710, PowerScale F900, PowerScale F910, PowerScale Hybrid H700, PowerScale Hybrid H7000
, PowerScale P100
...
文章屬性
文章編號: 000226574
文章類型: Dell Security Advisory
上次修改時間: 11 9月 2024
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。