DSA-2024-455: Security Update for Dell PowerScale OneFS for Multiple Security Vulnerabilities
摘要: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
影響
High
詳細資料
| Third-Party Component | CVEs | More information |
| BIOS | CVE-2021-33164, CVE-2024-24853, CVE-2023-39538, CVE-2023-39539, CVE-2024-21781 | https://nvd.nist.gov/ |
| iDRAC | CVE-2024-45762 | https://nvd.nist.gov/ |
| Dell SmartFabric OS10 | CVE-2022-1012,CVE-2022-21123,CVE-2022-21125,CVE-2022-21166,CVE-2022-32296 | https://nvd.nist.gov/ |
受影響的產品與補救措施
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2021-33164, CVE-2024-24853, CVE-2023-39538, CVE-2023-39539, CVE-2024-21781 | PowerScale Archive A300 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2021-33164, CVE-2024-24853, CVE-2023-39538, CVE-2023-39539, CVE-2024-21781 | PowerScale Archive A3000 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2021-33164, CVE-2024-24853, CVE-2023-39538, CVE-2023-39539, CVE-2024-21781 | PowerScale Hybrid H700 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2021-33164, CVE-2024-24853, CVE-2023-39538, CVE-2023-39539, CVE-2024-21781 | PowerScale Hybrid H7000 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale F200 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale F600 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale F900 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale B100 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale P100 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-1012, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-32296 | PowerScale OneFS with Dell PowerSwitch: Z9100, Z9264, S5232, S4112, S4148; Leaf/Spine (LS): Z9100, S5232, Z9264 | DNOS | Versions 8.2.0 through 9.10.0 | Version 10.5.5.5 or later | Please contact Dell support. |
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2021-33164, CVE-2024-24853, CVE-2023-39538, CVE-2023-39539, CVE-2024-21781 | PowerScale Archive A300 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2021-33164, CVE-2024-24853, CVE-2023-39538, CVE-2023-39539, CVE-2024-21781 | PowerScale Archive A3000 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2021-33164, CVE-2024-24853, CVE-2023-39538, CVE-2023-39539, CVE-2024-21781 | PowerScale Hybrid H700 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2021-33164, CVE-2024-24853, CVE-2023-39538, CVE-2023-39539, CVE-2024-21781 | PowerScale Hybrid H7000 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale F200 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale F600 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale F900 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale B100 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-45762 | PowerScale P100 | PowerScale Node Firmware Package | Versions prior to 12.4.1 | Version 12.4.1 or later | PowerScale OneFS Downloads Area |
| CVE-2022-1012, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-32296 | PowerScale OneFS with Dell PowerSwitch: Z9100, Z9264, S5232, S4112, S4148; Leaf/Spine (LS): Z9100, S5232, Z9264 | DNOS | Versions 8.2.0 through 9.10.0 | Version 10.5.5.5 or later | Please contact Dell support. |
Note:
- We encourage all customers to upgrade to the remediated versions, if an upgrade is not feasible, we recommend customers to review the CVE details further to more accurately determine potential risk to their environment.
- To identify which nodes require upgrading, please refer to the firmware assessment report. For instructions on completing the assessment and report, please refer to the "Run a firmware assessment" section in PowerScale Node Firmware Package 12.4 Release Notes documented in Firmware - PowerScale Info Hub.
- Due to the NFP installation issue with parallel upgrade, customers are advised not to perform parallel upgrades.
- The following PowerScale OneFS with Dell Networking switch running Networking OS10 firmware version 10.5.5.5 or prior :
- Top Of Rack (Flat):Z9100, Z9264, S5232, S4112, S4148
- Leaf/Spine (LS): Z9100, S5232, Z9264
修訂歷史記錄
|
Revision |
Date |
Description |
|---|---|---|
|
1.0 |
2024-12-16 |
Initial Release |
|
2.0 |
2024-12-30 |
major update |
|
3.0 |
2024-12-30 |
formatting update with no content changes |
|
4.0 |
2025-02-06 |
major update: NFP 12.4.2 with iDRAC related CVEs and associated remediations added |
|
5.0 |
2025-07-23 |
Updated for enhanced presentation |
相關資訊
法律免責聲明
受影響的產品
PowerScale Archive A300, PowerScale Archive A3000, PowerScale B100, PowerScale F200, PowerScale F600, PowerScale F900, PowerScale Hybrid H700, PowerScale Hybrid H7000, PowerScale P100, PowerScale Switch S4112F, PowerScale Switch S4148F
, PowerScale Switch S5232F, PowerScale Switch Z9100, PowerScale Switch Z9264
...
文章屬性
文章編號: 000260794
文章類型: Dell Security Advisory
上次修改時間: 23 7月 2025
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。