Advisory for Dell Security Update

  • NIC-CERT/2022-08/340
  • Date: 2022-08-03
  • CVE ID: Multiple
  • Severity: Critical

Description:

A vulnerability has been reported in Dell products which could allow an attacker to compromise the affected system.

Security Issues Fixed:

  • Dell Avamar vCloud Director Data Protection Extension remediation is available for the Apache Log4j Remote Code Execution Vulnerability that may be exploited by malicious users to compromise the affected system. Dell recommends implementing this remediation as soon as possible considering the critical severity of the vulnerability.
  • Dell Hybrid Client remediation is available for a Google Chrome vulnerability that may be exploited by malicious users to compromise the affected system.
  • Remediation is available for Intel Platform Update (IPU) components that are used by Dell PowerEdge Servers that may be exploited by malicious users to compromise the affected system.
  • Dell VNX2 Operating Environment for File contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
  • Dell Data Computing Appliance (DCA) contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Details:

| Third-party Component | CVEs | More information |
|---|---|---|
| Apache Log4j | CVE-2021-44228, CVE-2021-45046 | Apache Log4j Remote Code Execution |
| Google Chrome | CVE-2022-2294 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| Dell PowerEdge BIOS | CVE-2020-24511, CVE-2020-24512, CVE-2020-8670, CVE-2020-12357, CVE-2020-12358, CVE-2020-12360, CVE-2021-0095, CVE-2020-24486, CVE-2020-24509, CVE-2020-24507, CVE-2020-8703, CVE-2020-24506 | Intel Advisories |
| JRE | CVE-2021-3517, CVE-2021-35560, CVE-2021-35567 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| NTLM | CVE-2021-31958 | |
| kernel | CVE-2021-4028, CVE-2021-4083, CVE-2022-0492, CVE-2020-0465, CVE-2020-0466, CVE-2021-0920, CVE-2021-3564, CVE-2021-3573, CVE-2021-3752, CVE-2021-4155, CVE-2022-0330, CVE-2022-22942 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| libxml2 | CVE-2016-4658 | |
| libX11 | CVE-2021-31535 | |
| httpd | CVE-2021-40438, CVE-2022-22720, CVE-2021-26691, CVE-2021-34798, CVE-2021-39275, CVE-2021-44790 | |
| nss | CVE-2021-43527, CVE-2020-25648 | |
| sssd | CVE-2021-3621 | |
| xorg-x11-server | CVE-2021-3472, CVE-2021-4008, CVE-2021-4009, CVE-2021-4010, CVE-2021-4011 | |
| java-1.8.0-openjdk | CVE-2022-21248, CVE-2022-21282, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365 | |
| polkit | CVE-2021-4034 | |
| openssl | CVE-2021-3712, CVE-2022-0778 | |
| rpm | CVE-2021-20271 | |
| openldap | CVE-2020-25692, CVE-2020-25709, CVE-2020-25710 | |
| Ansible | CVE-2021-3620 | |
| openssh | CVE-2021-41617 | |
| nettle | CVE-2021-20305 | |
| binutils | CVE-2021-42574 | |
| bind | CVE-2021-25214, CVE-2021-25215 | |
| microcode_ctl | CVE-2020-0543, CVE-2020-0548, CVE-2020-0549, CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698, CVE-2020-24513 | |
| Krb5 | CVE-2021-37750 | |
| glib2 | CVE-2021-27219 | |
| cyrus-sasl | CVE-2022-24407 | |
| gzip | CVE-2022-1271 | |
| zlib | CVE-2018-25032 | |
| rsyslog | CVE-2022-24903 | |
| postgresql | CVE-2019-10208, CVE-2020-25694, CVE-2020-25695, CVE-2021-32027, CVE-2022-1552 | |
| xz | CVE-2022-1271 | |
| expat | CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315 | |
| INTEL-TA-00525 | CVE-2020-0592, CVE-2020-8738, CVE-2020-8740, CVE-2020-8764, CVE-2020-12357, CVE-2020-12360, CVE-2021-0092, CVE-2021-0144 | |

Affected Products and Remediation:

| Product | Affected Versions | Updated Versions | Link to Update |
|---|---|---|---|
| vCloud Director Data Protection Extension | 18.2 | Upgrade to 19.4 or latest | https://www.dell.com/support/home/en-us/product-support/product/vcloud-director-data-protection-extension/drivers |
| vCloud Director Data Protection Extension | 19.1 | Upgrade to 19.4 or latest | |
| vCloud Director Data Protection Extension | 19.2 | Upgrade to 19.4 or latest | |
| vCloud Director Data Protection Extension | 19.3 | Upgrade to 19.4 or latest | |
| vCloud Director Data Protection Extension | 19.4 | 19.4.0.214_HF.5 | https://dl.dell.com/downloads/DL107262_vCloud-Director-Data-Protection-Extension-19.4-(Hotfix-333650).zip |
| Dell Hybrid Client | 1.5 | Upgrade to 1.6, 1.6.1, or 1.6.2 and apply Security Add-on. | Dell Hybrid Client Security Add-on |
| Dell Hybrid Client | 1.6, 1.6.1, and 1.6.2 | Security Add-on | |
| R740 | Before 2.11.2 | 2.11.2 | R740 Drivers & Downloads |
| R740XD | Before 2.11.2 | 2.11.2 | R740XD Drivers & Downloads |
| R640 | Before 2.11.2 | 2.11.2 | R640 Drivers & Downloads |
| R940 | Before 2.11.2 | 2.11.2 | R940 Drivers & Downloads |
| R540 | Before 2.11.2 | 2.11.2 | R540 Drivers & Downloads |
| R440 | Before 2.11.2 | 2.11.2 | R440 Drivers & Downloads |
| T440 | Before 2.11.2 | 2.11.2 | T440 Drivers & Downloads |
| XR2 | Before 2.11.2 | 2.11.2 | XR2 Drivers & Downloads |
| R740XD2 | Before 2.11.2 | 2.11.2 | R740XD2 Drivers & Downloads |
| R840 | Before 2.11.2 | 2.11.2 | R840 Drivers & Downloads |
| R940XA | Before 2.11.2 | 2.11.2 | R940XA Drivers & Downloads |
| T640 | Before 2.11.2 | 2.11.2 | T640 Drivers & Downloads |
| C6420 | Before 2.11.2 | 2.11.2 | C6420 Drivers & Downloads |
| FC640 | Before 2.11.2 | 2.11.2 | FC640 Drivers & Downloads |
| M640 | Before 2.11.2 | 2.11.2 | M640 Drivers & Downloads |
| M640P | Before 2.11.2 | 2.11.2 | M640P Drivers & Downloads |
| MX740C | Before 2.11.2 | 2.11.2 | MX740C Drivers & Downloads |
| MX840C | Before 2.11.2 | 2.11.2 | MX840C Drivers & Downloads |
| C4140 | Before 2.11.2 | 2.11.2 | C4140 Drivers & Downloads |
| T140 | Before 2.5.1 | 2.5.1 | T140 Drivers & Downloads |
| T340 | Before 2.5.1 | 2.5.1 | T340 Drivers & Downloads |
| R240 | Before 2.5.1 | 2.5.1 | R240 Drivers & Downloads |
| R340 | Before 2.5.1 | 2.5.1 | R340 Drivers & Downloads |
| T40 | Before 1.8.0 | 1.8.0 | T40 Drivers & Downloads |
| R730 | Before 2.15.0 | 2.15.0 | R730 Drivers & Downloads |
| R730XD | Before 2.15.0 | 2.15.0 | R730XD Drivers & Downloads |
| R630 | Before 2.15.0 | 2.15.0 | R630 Drivers & Downloads |
| R930 | Before 2.10.1 | 2.10.1 | R930 Drivers & Downloads |
| C4130 | Before 2.15.0 | 2.15.0 | C4130 Drivers & Downloads |
| M630 | Before 2.15.0 | 2.15.0 | M630 Drivers & Downloads |
| M630P | Before 2.15.0 | 2.15.0 | M630P Drivers & Downloads |
| FC630 | Before 2.15.0 | 2.15.0 | FC630 Drivers & Downloads |
| FC430 | Before 2.15.0 | 2.15.0 | FC430 Drivers & Downloads |
| M830 | Before 2.15.0 | 2.15.0 | M830 Drivers & Downloads |
| M830P | Before 2.15.0 | 2.15.0 | M830P Drivers & Downloads |
| FC830 | Before 2.15.0 | 2.15.0 | FC830 Drivers & Downloads |
| T630 | Before 2.15.0 | 2.15.0 | T630 Drivers & Downloads |
| R530 | Before 2.15.0 | 2.15.0 | R530 Drivers & Downloads |
| R430 | Before 2.15.0 | 2.15.0 | R430 Drivers & Downloads |
| T430 | Before 2.15.0 | 2.15.0 | T430 Drivers & Downloads |
| T130 | Before 2.14.0 | 2.14.0 | T130 Drivers & Downloads |
| R230 | Before 2.14.0 | 2.14.0 | R230 Drivers & Downloads |
| T330 | Before 2.14.0 | 2.14.0 | T330 Drivers & Downloads |
| R330 | Before 2.14.0 | 2.14.0 | R330 Drivers & Downloads |
| R830 | Before 1.15.0 | 1.15.0 | R830 Drivers & Downloads |
| C6320 | Before 2.15.0 | 2.15.0 | C6320 Drivers & Downloads |
| VNX2 | Version 8.1.21.266 (file), version 5.33.021.5.266 (block) and earlier | Version 8.1.21.303 (file); Version 5.33.021.5.303 (block) | Download and install the appropriate version by VNX2 code family: https://www.dell.com/support/home/en-us/product-support/product/vnxe1600/. |
| DCA | Versions before DCA 4.3.1.0 | DCA 4.3.1.0 | Download Greenplum-Data-Computing-Appliance-Software-Upgrade-to-4.3.1.0.bin package from https://dl.dell.com/downloads/ |
| DCA | Versions before Firmware tool 3I00 | DCA Firmware tool 3I00 | https://dl.dell.com/downloads/DLD2955_3I00-Firmware-Update-Utility-for-DCAv3.tgz. |
| R740 | Before 2.11.2 | 2.11.2 | R740 Drivers & Downloads |
| R740XD | Before 2.11.2 | 2.11.2 | R740XD Drivers & Downloads |
| R640 | Before 2.11.2 | 2.11.2 | R640 Drivers & Downloads |
| R940 | Before 2.11.2 | 2.11.2 | R940 Drivers & Downloads |
| R540 | Before 2.11.2 | 2.11.2 | R540 Drivers & Downloads |
| R440 | Before 2.11.2 | 2.11.2 | R440 Drivers & Downloads |
| T440 | Before 2.11.2 | 2.11.2 | T440 Drivers & Downloads |
| XR2 | Before 2.11.2 | 2.11.2 | XR2 Drivers & Downloads |
| R740XD2 | Before 2.11.2 | 2.11.2 | R740XD2 Drivers & Downloads |
| R840 | Before 2.11.2 | 2.11.2 | R840 Drivers & Downloads |
| R940XA | Before 2.11.2 | 2.11.2 | R940XA Drivers & Downloads |
| T640 | Before 2.11.2 | 2.11.2 | T640 Drivers & Downloads |
| C6420 | Before 2.11.2 | 2.11.2 | C6420 Drivers & Downloads |
| FC640 | Before 2.11.2 | 2.11.2 | FC640 Drivers & Downloads |
| M640 | Before 2.11.2 | 2.11.2 | M640 Drivers & Downloads |
| M640P | Before 2.11.2 | 2.11.2 | M640P Drivers & Downloads |
| MX740C | Before 2.11.2 | 2.11.2 | MX740C Drivers & Downloads |
| MX840C | Before 2.11.2 | 2.11.2 | MX840C Drivers & Downloads |
| C4140 | Before 2.11.2 | 2.11.2 | C4140 Drivers & Downloads |
| T140 | Before 2.5.1 | 2.5.1 | T140 Drivers & Downloads |
| T340 | Before 2.5.1 | 2.5.1 | T340 Drivers & Downloads |
| R240 | Before 2.5.1 | 2.5.1 | R240 Drivers & Downloads |
| R340 | Before 2.5.1 | 2.5.1 | R340 Drivers & Downloads |
| T40 | Before 1.5.0 | 1.5.0 | T40 Drivers & Downloads |
| R730 | Before 2.13.0 | 2.13.0 | R730 Drivers & Downloads |
| R730XD | Before 2.13.0 | 2.13.0 | R730XD Drivers & Downloads |
| R630 | Before 2.13.0 | 2.13.0 | R630 Drivers & Downloads |
| R930 | | To be provided upon release | Expected release August 2022. |
| C4130 | Before 2.13.0 | 2.13.0 | C4130 Drivers & Downloads |
| M630 | Before 2.13.0 | 2.13.0 | M630 Drivers & Downloads |
| M630P | Before 2.13.0 | 2.13.0 | M630P Drivers & Downloads |
| FC630 | Before 2.13.0 | 2.13.0 | FC630 Drivers & Downloads |
| FC430 | Before 2.13.0 | 2.13.0 | FC430 Drivers & Downloads |
| M830 | Before 2.13.0 | 2.13.0 | M830 Drivers & Downloads |
| M830P | Before 2.13.0 | 2.13.0 | M830P Drivers & Downloads |
| FC830 | Before 2.13.0 | 2.13.0 | FC830 Drivers & Downloads |
| T630 | Before 2.13.0 | 2.13.0 | T630 Drivers & Downloads |
| R530 | Before 2.13.0 | 2.13.0 | R530 Drivers & Downloads |
| R430 | Before 2.13.0 | 2.13.0 | R430 Drivers & Downloads |
| T430 | Before 2.13.0 | 2.13.0 | T430 Drivers & Downloads |
| T130 | Before 2.12.0 | 2.12.0 | T130 Drivers & Downloads |
| R230 | Before 2.12.0 | 2.12.0 | R230 Drivers & Downloads |
| T330 | Before 2.12.0 | 2.12.0 | T330 Drivers & Downloads |
| R330 | Before 2.12.0 | 2.12.0 | R330 Drivers & Downloads |
| R830 | Before 1.13.0 | 1.13.0 | R830 Drivers & Downloads |
| C6320 | Before 2.13.0 | 2.13.0 | C6320 Drivers & Downloads |
| T30 | Before 1.6.0 | 1.6.0 | T30 Drivers & Downloads |
| Cyber Recovery | Versions before 19.11 | 19.11 | Cyber Recovery Downloads |
| Cyber Recovery | Versions before 19.11.0.2 | 19.11.0.2 | Cyber Recovery Downloads |
| Dell CloudLink | Versions before 7.1.4 | 7.1.4 | CloudLink Downloads |
| Dell CloudLink | Versions before 7.1.3 | 7.1.3 | CloudLink Downloads |
| Dell Data Protection Central | 1.0.0, 1.0.1, 18.1, 18.2, 19.1, 19.2, 19.3, 19.4 | 1.0.0, 1.0.1, 18.1, 18.2, 19.1, 19.2, 19.3, 19.4 | DPC Software; DPC Release Notes |
| Dell IDPA System Manager | 18.1, 18.2, 19.2 | 18.1, 18.2, 19.2 | DPC Software; DPC Release Notes |
| RecoverPoint Classic | 5.1.0; 5.1 SP4; 5.1 SP4 P1; 5.1 SP4 P2 | 5.1 SP4 P3 | https://www.dell.com/support/home/en-us/product-support/product/recoverpoint-cl/drivers |

Dell recommends all customers upgrade at the earliest opportunity.

References:

https://www.dell.com/support/security/en-us