Article Number: 000153687

DSA-2020-171: Dell Data Domain Security Update for a BMC Vulnerability

Summary: Dell Data Domain remediation is available for BMC Vulnerability that may be exploited by malicious users to compromise the affected system.

Article Content

Impact

High

Details

The BMC component within Dell Data Domain requires a security update to address a vulnerability.

Third-party Component	CVE(s)	More information
BMC	CVE-2018-9086	See NVD (http://nvd.nist.gov/) 7.2 (/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.

Third-party Component	CVE(s)	More information
BMC	CVE-2018-9086	See NVD (http://nvd.nist.gov/) 7.2 (/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Affected models:
Dell Data Domain DD9300 Appliance
Dell Data Domain DD6800 Appliance
Dell Data Domain DD6300 Appliance
Dell Data Domain DD7200 Appliance
Dell Data Domain DD4500 Appliance
Dell Data Domain DD4200 Appliance
Dell Data Domain OS versions prior to DDOS 6.0.0.70
Dell Data Domain OS versions prior to DDOS 6.1.2.70
Dell Data Domain OS versions prior to DDOS 6.2.1.0
Dell Data Domain OS versions prior to DDOS 7.0.0.20
Dell Data Domain OS versions prior to DDOS 7.1.0.20
Dell Data Domain OS versions prior to DDOS 7.2.0.0

Resolution:
The following Dell Data Domain releases address this vulnerability:
Dell Data Domain OS version DDOS 6.0.0.70
Dell Data Domain OS version DDOS 6.1.2.70
Dell Data Domain OS version DDOS 6.2.1.0
Dell Data Domain OS version DDOS 7.0.0.20
Dell Data Domain OS version DDOS 7.1.0.20
Dell Data Domain OS version DDOS 7.2.0.0

Dell recommends all customers upgrade at the earliest opportunity.

Revision History

Revision	Date	Description
1.1	2021/05/18	Minor update

Related Information

Legal Information

Article Properties

Affected Product

Data Domain, Data Domain, Data Domain Boost – File System, Data Domain Boost - Open Storage, Data Domain Deduplication Storage Systems, DD Boost for Enterprise Applications, DD OS, DD OS 4.9, PowerProtect Data Domain Management Center

Product

DD OS 6.2, DD OS 5.0, DD OS 5.1, DD OS 5.2, DD OS 5.3, DD OS 5.4, DD OS 5.5, DD OS 5.6, DD OS 6.0, DD OS 6.1, DD OS 7.0, DD OS 7.1, DD OS Licensed Features, DD OS Previous Versions, PowerProtect X400 Appliance, Product Security Information

Last Published Date

22 May 2021

Article Type

Dell Security Advisory

Welcome

Welcome to Dell