Advisory for Dell Security Update

  • NIC-CERT/2022-10/437
  • Date: 2022-10-14
  • CVE ID: Multiple
  • Severity: Critical

Description:

A vulnerability has been reported in Dell products which could allow an attacker to compromise the affected system.

Security Issues Fixed:

Dell EMC PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Details:

| Proprietary Code CVE(s) | Description | CVSS Base Score |
|---|---|---|
| CVE-2022-34437 | Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters. | 6.7 |
| CVE-2022-34438 | Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters. | 6.7 |
| CVE-2022-34439 | Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x, contain an allocation of resources without limits or throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issues on that node. | 5.3 |

| Third-Party Component | CVE(s) | CVSS Vector String |
|---|---|---|
| Intel Platform | CVE-2021-0148 | Intel-SA-00535 |
| Intel Platform | CVE-2021-0092, CVE-2021-0093, CVE-2021-0099, CVE-2021-0103, CVE-2021-0107, CVE-2021-0111, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0124, CVE-2021-0125, CVE-2021-0127, CVE-2021-0060, CVE-2021-00147 | Intel-SA-00527 |
| Intel Platform | CVE-2020-24511, CVE-2020-24512 | Intel-SA-00463 |
| Intel Platform | CVE-2020-12357, CVE-2020-12358, CVE-2020-12360, CVE-2020-24486 | Intel-SA-00464 |
| Intel Platform | CVE-2021-0144 | Intel-SA-00525 |
| Intel Platform | CVE-2020-0591, CVE-2020-0592, CVE-2020-0593 | Intel-SA-00358 |
| Intel Platform | CVE-2020-0587, CVE-2020-0588, CVE-2020-0590, CVE-2020-8764, CVE-2020-8738, CVE-2020-8739, CVE-2020-8740 | Intel-SA-00390 |
| Intel Platform | CVE-2020-8705, CVE-2020-8755 | Intel-SA-00391 |
| Intel Platform | CVE-2020-8696 | Intel-SA-00381 |
| Cyrus SASL | CVE-2022-24407, CVE-2019-19906, CVE-2013-4122 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |

Affected Products and Remediation:

CVE(s) Addressed

Product

Affected Version(s)

Updated Version(s)

Link to Update

CVE-2021-0148

F600 with Intel P4510 2TB and 4TB ISE drives

PowerScale OneFS Versions:
9.4.0.x
9.3.0.x
9.2.1.x
9.2.0.x
9.1.0.x
9.0.0.x
Drive Support Package versions prior to 1.42.3

Download and install >= Drive Support Package 1.42.3.

PowerScale OneFS Downloads Area

CVE-2021-0092

A200, A2000, A300, A3000, F200, F600, F800, F810, F900, H400, H500, H5600, H600, H700, H7000, B100, P100

PowerScale OneFS Versions:
9.4.0.x
9.3.0.x
9.2.1.x
9.2.0.x
9.1.0.x
9.0.0.x
Node Firmware Package versions prior to 11.5.1

Download and install the latest Node Firmware Package version >= 11.5.1.

CVE-2021-0093

CVE-2021-0099

CVE-2021-0103

CVE-2021-0107

CVE-2021-0111

CVE-2021-0114

CVE-2021-0115

CVE-2021-0116

CVE-2021-0117

CVE-2021-0118

CVE-2021-0124

CVE-2021-0125

CVE-2021-0127

CVE-2021-0060

CVE-2021-00147

A200, A2000, A300, A3000, F800, F810, H400, H500, H5600, H600, H700, H7000

CVE-2020-24511

A300, A3000, H700, H7000

CVE-2020-12358

CVE-2020-12360

A200, A2000, A300, A3000, F800, F810, H400, H500, H5600, H600, H700, H7000

CVE-2020-24486

A300, A3000, H700, H7000

CVE-2021-0144

A200, A2000, A300, A3000, F800, F810, H400, H500, H5600, H600, H700, H7000

CVE-2020-0591

A2000, A200, H400, H500, H600, F800, F900, F200, F600, B100, and P100

CVE-2020-0592

CVE-2020-0593

A2000, A200, H400, F900, F200, F600, B100, and P100

CVE-2020-8738

CVE-2020-8739

CVE-2020-8740

CVE-2020-8764

CVE-2020-0587

F900, F200, F600, B100, and P100

CVE-2020-0588

CVE-2020-0590

CVE-2020-8705

CVE-2020-8755

CVE-2020-8696

CVE-2022-24407

PowerScale OneFS

9.1.0.0 through 9.1.0.21
9.2.1.0 through 9.2.1.15
9.3.0.0 through 9.3.0.7
9.4.0.0 through 9.4.0.5

Download and install the latest RUP.
>= 9.1.0.22
>= 9.2.1.16
>= 9.3.0.8
>= 9.4.0.6

CVE-2019-19906

CVE-2013-4122

Any other version

Upgrade your version of PowerScale OneFS.

CVE-2022-34437

PowerScale OneFS

9.1.0.0 through 9.1.0.21
9.2.1.0 through 9.2.1.15
9.3.0.0 through 9.3.0.7

Download and install the latest RUP.
>= 9.1.0.22
>= 9.2.1.16
>= 9.3.0.8

Any other version

Upgrade your version of PowerScale OneFS.

CVE-2022-34438

PowerScale OneFS

9.1.0.0 through 9.1.0.22
9.2.1.0 through 9.2.1.15
9.3.0.0 through 9.3.0.7
9.4.0.0 through 9.4.0.5

Download and install the latest RUP.
>= 9.1.0.23
>= 9.2.1.16
>= 9.3.0.8
>= 9.4.0.6

Any other version

Upgrade your version of PowerScale OneFS.

CVE-2022-34439

PowerScale OneFS

9.1.0.0 through 9.1.0.22
9.2.1.0 through 9.2.1.16
9.3.0.0 through 9.3.0.7
9.4.0.0 through 9.4.0.5

Download and install the latest RUP.
>= 9.1.0.23
>= 9.2.1.16
>= 9.3.0.8
>= 9.4.0.6

Any other version

Upgrade your version of PowerScale OneFS or apply the steps listed in the "Workaround and Mitigations" in the next table.

CVE-2022-31228

XtremIO X1, XtremIO X2

XMS versions prior to 6.4.0-22

XMS 6.4.0-22

Dell EMC recommends all customers upgrade at the earliest opportunity. https://www.dell.com/support/home/en-us/product-support/product/xtremio-x2/drivers

| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) |
|---|---|---|---|
| CVE-2022-34384 | Dell SupportAssist for Home PCs | Version 3.11.2 and earlier | 3.12.3 |
| CVE-2022-34384 | Dell SupportAssist for Business PCs | Version 3.2.0 and earlier | 3.3.0 |
| CVE-2022-34385 | Dell SupportAssist for Home PCs | Version 3.11.4 and earlier | 3.12.3 |
| CVE-2022-34385 | Dell SupportAssist for Business PCs | Version 3.2.0 and earlier | 3.3.0 |
| CVE-2022-34386 | Dell SupportAssist for Home PCs | Version 3.11.4 and earlier | 3.12.3 |
| CVE-2022-34386 | Dell SupportAssist for Business PCs | Version 3.2.0 and earlier | 3.3.0 |
| CVE-2022-34387 | Dell SupportAssist for Home PCs | Version 3.11.4 and earlier | 3.12.3 |
| CVE-2022-34387 | Dell SupportAssist for Business PCs | Version 3.2.0 and earlier | 3.3.0 |
| CVE-2022-34388 | Dell SupportAssist for Home PCs | Version 3.11.4 and earlier | 3.12.3 |
| CVE-2022-34388 | Dell SupportAssist for Business PCs | Version 3.2.0 and earlier | 3.3.0 |
| CVE-2022-34366 | Dell SupportAssist for Home PCs | Version 3.11.4 and earlier | 3.12.3 |
| CVE-2022-34389 | Dell SupportAssist for Home PCs | Version 3.11.2 and earlier | 3.12.3 |
| CVE-2022-34389 | Dell SupportAssist for Business PCs | Version 3.2.0 and earlier | 3.3.0 |
| CVE-2022-34392 | Dell SupportAssist for Home PCs | Version 3.11.4 and earlier | 3.12.3 |

Link to Update:

SupportAssist for Home PCs:
There are 2 ways in which the customer can get the latest component which has the fix.
1. Manual steps: (Recommended)
a. Launch SupportAssist UI
b. Go to the About Page of SupportAssist UI
c. Click on “Check for Latest Updates”

2. If Auto-update settings are enabled on the Settings page, then SupportAssist for Home PCs will automatically get upgraded to the latest available version which has the fix.

  • Auto-update setting can be verified by going to Settings Page, Privacy option.

Links:
SupportAssist for Home PCs
Release Notes and User Guide

SupportAssist for Business PCs:
TechDirect Link for Admins
Release Notes and User Guide

| Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|
| Dell EMC SRM | Versions prior to 4.8.0.0 | 4.8.0.0 | https://support.emc.com/downloads/34247_SRM |
| Dell EMC SRM Vapp | Versions prior to 4.8.0.0 | 4.8.0.0 | https://support.emc.com/downloads/34247_SRM |
| Dell EMC SMR | Versions prior to 4.8.0.0 | 4.8.0.0 | https://support.emc.com/downloads/40532_SMR |
| Dell EMC SMR Vapp | Versions prior to 4.8.0.0 | 4.8.0.0 | https://support.emc.com/downloads/40532_SMR |
| Dell Metronode VS5 | Versions prior to 7.1.0 | 7.1.0 release | https://www.dell.com/support |

Dell EMC VPLEX VS2-Server-PE

Versions before:
BIOS 2.9.1

iDRAC 5.10.30.00

NIC 22.00.6

Procedure:
VS2 R240 Firmware Block Upgrade

Release Notes/Links:
VS2 Server PE Firmware Release Notes June 2022

https://solve.dell.com/solve/home/46

| Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|
| R750 | Before 1.7.5 | 1.7.5 | R750 Drivers & Downloads |
| R750XA | Before 1.7.5 | 1.7.5 | R750XA Drivers & Downloads |
| R650 | Before 1.7.5 | 1.7.5 | R650 Drivers & Downloads |
| C6520 | Before 1.7.5 | 1.7.5 | C6520 Drivers & Downloads |
| MX750c | Before 1.7.5 | 1.7.5 | MX750c Drivers & Downloads |
| R550 | Before 1.7.5 | 1.7.5 | R550 Drivers & Downloads |
| T550 | Before 1.7.5 | 1.7.5 | T550 Drivers & Downloads |
| R450 | Before 1.7.5 | 1.7.5 | R450 Drivers & Downloads |
| R650XS | Before 1.7.5 | 1.7.5 | R650XS Drivers & Downloads |
| R750XS | Before 1.7.5 | 1.7.5 | R750XS Drivers & Downloads |
| XR11 | Before 1.7.5 | 1.7.5 | XR11 Drivers & Downloads |
| XR12 | Before 1.7.5 | 1.7.5 | XR12 Drivers & Downloads |
| R350 | Before 1.3.3 | 1.3.3 | R350 Drivers & Downloads |
| T350 | Before 1.3.3 | 1.3.3 | T350 Drivers & Downloads |
| R250 | Before 1.3.3 | 1.3.3 | R250 Drivers & Downloads |
| T150 | Before 1.3.3 | 1.3.3 | T150 Drivers & Downloads |
| T130 | Before 2.15.0 | 2.15.0 | T130 Drivers & Downloads |
| R230 | Before 2.15.0 | 2.15.0 | R230 Drivers & Downloads |
| T330 | Before 2.15.0 | 2.15.0 | T330 Drivers & Downloads |
| R330 | Before 2.15.0 | 2.15.0 | R330 Drivers & Downloads |

Dell recommends all customers upgrade at the earliest opportunity.

References:

https://www.dell.com/support/security/en-us