DSA-2022-136: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities
Dell VxRail remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Summary:Dell VxRail remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Please select a product to check article relevancy
This article applies to This article does not apply to
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products & Remediation
Product
Affected Versions
Updated Version
Dell VxRail
7.0.x versions before 7.0.371
7.0.371 (See NOTE in Workarounds and Mitigations section below.)
Product
Affected Versions
Updated Version
Dell VxRail
7.0.x versions before 7.0.371
7.0.371 (See NOTE in Workarounds and Mitigations section below.)
Workarounds & Mitigations
NOTE: STIG hardening version 2.0.001 resolves the VMware issue described in VMware article 88055, which blocked STIG hardening of VxRail 7.0.370 and later. Additionally, if STIG hardening version 2.0.000 or earlier was applied to a VxRail cluster version 7.0.360 or earlier, STIG hardening version 2.0.001 must be applied before upgrading to VxRail 7.0.370 and later.
CAUTION: If running a STIG hardened VxRail version 7.0.370 or later, follow the steps seen in the “Known issues” section of the VxRail STIG Hardening Guide available in Dell KB article 23137,Dell VxRail: Security Technical Implementation Guide on VxRail. However, if you have already removed the VMware ESXi STIG VIB, you can disregard this caution.
Revision History
Revision
Date
Description
1.0
2022-05-25
Initial Release
1.1
2022-07-27
Added NOTE regarding VMware issue
1.2
2022-08-16
Edited NOTE in Workaround & Mitigations section regarding STIG package