Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

DSA-2022-175: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell VxRail remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Impact

Critical

Details

Third-party Component CVEs More Information
Spring Security CVE-2022-22978  
Dell PowerEdge: iDRAC9 CVE-2022-0778 See Dell article 200644, DSA-2022-154: Dell iDRAC8 and Dell iDRAC9 Security Update for an OpenSSL Vulnerability for more information
VMware ESXi CVE-2022-21123 VMSA-2022-0016 This hyperlink is taking you to a website outside of Dell Technologies. See workaround and mitigation table below
CVE-2022-21125
CVE-2022-21166
SUSE CVE-2017-17087  
CVE-2021-3695
CVE-2021-3696
CVE-2021-3697
CVE-2021-3778
CVE-2021-3796
CVE-2021-3872
CVE-2021-3903
CVE-2021-3875
CVE-2021-3927
CVE-2021-3928
CVE-2021-3968
CVE-2021-3973
CVE-2021-3974
CVE-2021-3984
CVE-2021-4019
CVE-2021-4069
 CVE-2021-4136
 CVE-2021-4166
 CVE-2021-4192
 CVE-2021-4193
 CVE-2021-43565
 CVE-2021-46059
 CVE-2022-0128
 CVE-2022-0213
 CVE-2022-0261
 CVE-2022-0318
 CVE-2022-0319
 CVE-2022-0351
 CVE-2022-0359
 CVE-2022-0361
 CVE-2022-0392
 CVE-2022-0407
 CVE-2022-0413
 CVE-2022-0561
 CVE-2022-0562
 CVE-2022-0696
 CVE-2022-0865
 CVE-2022-0891
 CVE-2022-0908
 CVE-2022-0909
 CVE-2022-0924
 CVE-2022-1056
 CVE-2022-1271
 CVE-2022-1304
 CVE-2022-1381
 CVE-2022-1420
 CVE-2022-1552
 CVE-2022-1616
 CVE-2022-1619
 CVE-2022-1620
 CVE-2022-1733
 CVE-2022-1735
 CVE-2022-1771
 CVE-2022-1785
 CVE-2022-1796
 CVE-2022-1851
 CVE-2022-1897
 CVE-2022-1898
 CVE-2022-1927
 CVE-2022-23308
 CVE-2022-23648
 CVE-2022-24769
 CVE-2022-24903
 CVE-2022-27191
 CVE-2022-27781
 CVE-2022-27782
 CVE-2022-28733
 CVE-2022-28734
 CVE-2022-28735
 CVE-2022-28736
 CVE-2022-29155
 CVE-2022-29824
Third-party Component CVEs More Information
Spring Security CVE-2022-22978  
Dell PowerEdge: iDRAC9 CVE-2022-0778 See Dell article 200644, DSA-2022-154: Dell iDRAC8 and Dell iDRAC9 Security Update for an OpenSSL Vulnerability for more information
VMware ESXi CVE-2022-21123 VMSA-2022-0016 This hyperlink is taking you to a website outside of Dell Technologies. See workaround and mitigation table below
CVE-2022-21125
CVE-2022-21166
SUSE CVE-2017-17087  
CVE-2021-3695
CVE-2021-3696
CVE-2021-3697
CVE-2021-3778
CVE-2021-3796
CVE-2021-3872
CVE-2021-3903
CVE-2021-3875
CVE-2021-3927
CVE-2021-3928
CVE-2021-3968
CVE-2021-3973
CVE-2021-3974
CVE-2021-3984
CVE-2021-4019
CVE-2021-4069
 CVE-2021-4136
 CVE-2021-4166
 CVE-2021-4192
 CVE-2021-4193
 CVE-2021-43565
 CVE-2021-46059
 CVE-2022-0128
 CVE-2022-0213
 CVE-2022-0261
 CVE-2022-0318
 CVE-2022-0319
 CVE-2022-0351
 CVE-2022-0359
 CVE-2022-0361
 CVE-2022-0392
 CVE-2022-0407
 CVE-2022-0413
 CVE-2022-0561
 CVE-2022-0562
 CVE-2022-0696
 CVE-2022-0865
 CVE-2022-0891
 CVE-2022-0908
 CVE-2022-0909
 CVE-2022-0924
 CVE-2022-1056
 CVE-2022-1271
 CVE-2022-1304
 CVE-2022-1381
 CVE-2022-1420
 CVE-2022-1552
 CVE-2022-1616
 CVE-2022-1619
 CVE-2022-1620
 CVE-2022-1733
 CVE-2022-1735
 CVE-2022-1771
 CVE-2022-1785
 CVE-2022-1796
 CVE-2022-1851
 CVE-2022-1897
 CVE-2022-1898
 CVE-2022-1927
 CVE-2022-23308
 CVE-2022-23648
 CVE-2022-24769
 CVE-2022-24903
 CVE-2022-27191
 CVE-2022-27781
 CVE-2022-27782
 CVE-2022-28733
 CVE-2022-28734
 CVE-2022-28735
 CVE-2022-28736
 CVE-2022-29155
 CVE-2022-29824
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Product Affected Versions Updated Versions
Dell VxRail Appliance 7.0.x versions before 7.0.372 7.0.372 (See NOTE in Workaround and Mitigation section.)



Product Affected Versions Updated Versions
Dell VxRail Appliance 7.0.x versions before 7.0.372 7.0.372 (See NOTE in Workaround and Mitigation section.)



Workarounds & Mitigations

NOTE: STIG hardening version 2.0.001 resolves the VMware issue described in VMware article 88055 This hyperlink is taking you to a website outside of Dell Technologies., which blocked STIG hardening of VxRail 7.0.370 and later. Also, if STIG hardening version 2.0.000 or earlier was applied to a VxRail cluster version 7.0.360 or earlier, STIG hardening version 2.0.001 must be applied before upgrading to VxRail 7.0.370 and later.
 
CAUTION: If running a STIG hardened VxRail version 7.0.370 or later, view Dell article 23137, Dell VxRail: Security Technical Implementation Guide on VxRail. Follow the steps seen in the "Known issues" section of the VxRail STIG Hardening Guide. However, if you have already removed the VMware ESXi STIG VIB, you can disregard this caution.
 
VMware ESXi CVE-2022-21123 See VMware notice VMSA-2022-0016 This hyperlink is taking you to a website outside of Dell Technologies..
See VMware article KB 88632 This hyperlink is taking you to a website outside of Dell Technologies. for mitigation instructions. 
CVE-2022-21125
CVE-2022-21166

Revision History

RevisionDateDescription
1.02022-07-08Initial Release
1.12202-07-27Added NOTE regarding VMware issue 
1.22022-08-16Edited NOTE in Workaround and Mitigations section regarding STIG package

Related Information

Affected Products

VxRail, CloudArray Virtual Edition for VxRail Appliance, Product Security Information, VMWare Cloud on Dell EMC VxRail E560F, VMWare Cloud on Dell EMC VxRail E560N, VxRail 460 and 470 Nodes, VxRail Appliance Family, VxRail Appliance Series , VxRail G410, VxRail G Series Nodes, VxRail D Series Nodes, VxRail D560, VxRail D560F, VxRail E Series Nodes, VxRail E460, VxRail E560, VxRail E560F, VxRail E560N, VxRail E660, VxRail E660F, VxRail E660N, VxRail E665F, VxRail E665N, VxRail G560, VxRail G560F, VxRail Gen2 Hardware, VxRail P Series Nodes, VxRail P470, VxRail P570, VxRail P570F, VxRail P580N, VXRAIL P670F, VxRail P670N, VxRail P675F, VxRail P675N, VxRail S Series Nodes, VxRail S470, VxRail S570, VxRail S670, VxRail Software, VxRail V Series Nodes, VxRail V470, VxRail V570, VxRail V570F, VXRAIL V670F ...
Article Properties
Article Number: 000201322
Article Type: Dell Security Advisory
Last Modified: 14 Jun 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.