Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Article Number: 000194836

DSA-2021-271: Dell EMC Unity, Dell EMC Unity VSA, and Dell EMC Unity XT Security Update for Multiple Vulnerabilities

Summary: Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

Article Content

Impact

Critical

Details

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2021-43589	Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.	6.0	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Third-party Component	CVEs	More Information
bind	CVE-2021-25214	See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
bind	CVE-2021-25215
curl	CVE-2021-22876
curl	CVE-2021-22898
dhcp	CVE-2021-25217
git	CVE-2021-21300
glib2	CVE-2021-27218
glib2	CVE-2021-27219
glibc	CVE-2019-25013
	CVE-2020-29573
	CVE-2020-27618
	CVE-2020-29562
	CVE-2021-3326
gnutls	CVE-2021-20231
gnutls	CVE-2021-20232
libnettle	CVE-2021-20305
libX11	CVE-2021-31535
lz4	CVE-2021-3520
mgetty	CVE-2018-16741
	CVE-2018-16742
	CVE-2018-16743
	CVE-2018-16744
	CVE-2018-16745
mozilla-nspr	CVE-2021-23981
	CVE-2021-23982
	CVE-2021-23984
	CVE-2021-23987
nghttp2	CVE-2020-11080
open-iscsi	CVE-2020-17437
	CVE-2020-17438
	CVE-2020-13987
	CVE-2020-13988
openldap2	CVE-2020-36221
	CVE-2020-36222
	CVE-2020-36223
	CVE-2020-36224
	CVE-2020-36225
	CVE-2020-36226
	CVE-2020-36227
	CVE-2020-36228
	CVE-2020-36229
	CVE-2020-36230
	CVE-2021-27212
openssl (Unisphere UI)	CVE-2021-3712
openssl (NAS Server)	CVE-2021-23840
polkit	CVE-2021-3560
postgresql10	CVE-2020-25695
	CVE-2020-25694
	CVE-2020-25696
	CVE-2021-32027
	CVE-2021-32028
python-tk	CVE-2021-3177
python-tk	CVE-2019-20916
sudo	CVE-2021-3156

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2021-43589	Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.	6.0	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Third-party Component	CVEs	More Information
bind	CVE-2021-25214	See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
bind	CVE-2021-25215
curl	CVE-2021-22876
curl	CVE-2021-22898
dhcp	CVE-2021-25217
git	CVE-2021-21300
glib2	CVE-2021-27218
glib2	CVE-2021-27219
glibc	CVE-2019-25013
	CVE-2020-29573
	CVE-2020-27618
	CVE-2020-29562
	CVE-2021-3326
gnutls	CVE-2021-20231
gnutls	CVE-2021-20232
libnettle	CVE-2021-20305
libX11	CVE-2021-31535
lz4	CVE-2021-3520
mgetty	CVE-2018-16741
	CVE-2018-16742
	CVE-2018-16743
	CVE-2018-16744
	CVE-2018-16745
mozilla-nspr	CVE-2021-23981
	CVE-2021-23982
	CVE-2021-23984
	CVE-2021-23987
nghttp2	CVE-2020-11080
open-iscsi	CVE-2020-17437
	CVE-2020-17438
	CVE-2020-13987
	CVE-2020-13988
openldap2	CVE-2020-36221
	CVE-2020-36222
	CVE-2020-36223
	CVE-2020-36224
	CVE-2020-36225
	CVE-2020-36226
	CVE-2020-36227
	CVE-2020-36228
	CVE-2020-36229
	CVE-2020-36230
	CVE-2021-27212
openssl (Unisphere UI)	CVE-2021-3712
openssl (NAS Server)	CVE-2021-23840
polkit	CVE-2021-3560
postgresql10	CVE-2020-25695
	CVE-2020-25694
	CVE-2020-25696
	CVE-2021-32027
	CVE-2021-32028
python-tk	CVE-2021-3177
python-tk	CVE-2019-20916
sudo	CVE-2021-3156

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed	Products	Affected Versions	Updated Versions	Link to Update
All of the above	Dell EMC Unity Operating Environment (OE)	Before 5.1.2.0.5.007	5.1.2.0.5.007	https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers
	Dell EMC UnityVSA Operating Environment (OE)	Before 5.1.2.0.5.007	5.1.2.0.5.007
	Dell EMC Unity XT Operating Environment (OE)	Before 5.1.2.0.5.007	5.1.2.0.5.007

CVEs Addressed	Products	Affected Versions	Updated Versions	Link to Update
All of the above	Dell EMC Unity Operating Environment (OE)	Before 5.1.2.0.5.007	5.1.2.0.5.007	https://www.dell.com/support/home/en-us/product-support/product/unity-all-flash-family/drivers
	Dell EMC UnityVSA Operating Environment (OE)	Before 5.1.2.0.5.007	5.1.2.0.5.007
	Dell EMC Unity XT Operating Environment (OE)	Before 5.1.2.0.5.007	5.1.2.0.5.007

Workarounds and Mitigations

None.

Revision History

Revision	Date	More Information
1.0	2021-12-29	Initial Release
1.1	2022-01-05	Minor update to CVE Identifier field.

Related Information

Legal Information

Article Properties

Affected Product

Dell EMC Unity, Product Security Information, Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity XT 480 , Dell EMC Unity XT 480F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, Dell EMC Unity Family, Dell EMC UnityVSA Professional Edition/Unity Cloud Edition ...

Last Published Date

06 Jan 2022

Article Type

Dell Security Advisory

Welcome

Welcome to Dell