Article Number: 000200326
DSA-2022-125: Dell PowerFlex Appliance Security Update for Multiple Third-Party Component Vulnerabilities
Summary: Dell PowerFlex Appliance remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Article Content
Impact
Critical
Details
| Component | CVEs | More information |
| VMware vCenter Server | CVE-2022-22948 | VMware article VMSA-2022-0009  |
| Dell PowerEdge Server BIOS | CVE-2020-12966 | Dell article DSA-2021-255: Dell PowerEdge Security Update for an AMD Vulnerability |
| CVE-2021-0060 | Dell article DSA-2022-036: PowerEdge Server Security Update for Intel February 2022 Security Advisory Release | |
| CVE-2021-0127 | ||
| CVE-2021-0103 | ||
| CVE-2021-0114 | ||
| CVE-2021-0115 | ||
| CVE-2021-0116 | ||
| CVE-2021-0117 | ||
| CVE-2021-0118 | ||
| CVE-2021-0099 | ||
| CVE-2021-0111 | ||
| CVE-2021-0107 | ||
| CVE-2021-0125 | ||
| CVE-2021-0124 | ||
| CVE-2021-33068 | ||
| CVE-2021-0092 | ||
| CVE-2021-0156 | ||
| CVE-2021-0093 | ||
| CVE-2019-14584 | Dell article DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities | |
| CVE-2021-28210 | ||
| CVE-2021-28211 | ||
| CVE-2021-26373 | Dell article DSA-2022-126: Dell PowerEdge Server Security Updates for AMD Server Vulnerabilities. | |
| CVE-2021-26347 | ||
| CVE-2021-26376 | ||
| CVE-2021-26375 | ||
| CVE-2021-26378 | ||
| CVE-2021-26372 | ||
| CVE-2021-26339 | ||
| CVE-2021-26348 | ||
| CVE-2021-26342 | ||
| CVE-2021-26388 | ||
| CVE-2021-26349 | ||
| CVE-2021-26364 | ||
| CVE-2021-26312 | ||
| CVE-2021-26350 | ||
| CVE-2020-12944 | Dell article DSA-2021-227: Dell PowerEdge Server Security Update for AMD Server Vulnerabilities | Dell US | |
| CVE-2020-12951 | ||
| CVE-2020-12954 | ||
| CVE-2020-12988 | ||
| CVE-2021-26312 | ||
| CVE-2021-26320 | ||
| CVE-2021-26321 | ||
| CVE-2021-26322 | ||
| CVE-2021-26329 | ||
| CVE-2021-26330 | ||
| CVE-2020-12946 | ||
| CVE-2020-12961 | ||
| CVE-2021-26331 | ||
| CVE-2021-26315 | ||
| CVE-2021-26325 | ||
| CVE-2021-26326 | ||
| CVE-2021-26327 | ||
| Dell iDRAC Lifecycle Controller Firmware | CVE-2022-24422 | Dell article DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability |
| CVE-2021-3712 | Dell article DSA-2021-259: Dell iDRAC Security Update for Multiple Security Vulnerabilities |
|
| CVE-2021-36347 | ||
| CVE-2021-36348 | ||
| CVE-2021-36346 | ||
| ESXi | CVE-2021-22045 | VMware article VMSA-2022-0001 |
| CVE-2021-22040 | VMware article VMSA-2022-0004 |
|
| CVE-2021-22041 | ||
| CVE-2021-22050 | ||
| Embedded OS | CVE-2022-0778 | https://nvd.nist.gov/vuln/detail/CVE-2022-0778 |
| Cisco Switches | CVE-2022-20624 | Cisco article Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability. |
| CVE-2022-20650 | Cisco article Cisco NX-OS Software NX-API Command Injection Vulnerability. |
|
| CVE-2022-20625 | Cisco article Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability |
|
| CVE-2022-20623 | Cisco article Cisco Nexus 9000 Series Switches Bi-directional Forwarding Detection Denial of Service Vulnerability. |
|
| Spring | CVE-2022-22965 | https://nvd.nist.gov/vuln/detail/CVE-2022-22965 |
| Component | CVEs | More information |
| VMware vCenter Server | CVE-2022-22948 | VMware article VMSA-2022-0009 |
| Dell PowerEdge Server BIOS | CVE-2020-12966 | Dell article DSA-2021-255: Dell PowerEdge Security Update for an AMD Vulnerability |
| CVE-2021-0060 | Dell article DSA-2022-036: PowerEdge Server Security Update for Intel February 2022 Security Advisory Release | |
| CVE-2021-0127 | ||
| CVE-2021-0103 | ||
| CVE-2021-0114 | ||
| CVE-2021-0115 | ||
| CVE-2021-0116 | ||
| CVE-2021-0117 | ||
| CVE-2021-0118 | ||
| CVE-2021-0099 | ||
| CVE-2021-0111 | ||
| CVE-2021-0107 | ||
| CVE-2021-0125 | ||
| CVE-2021-0124 | ||
| CVE-2021-33068 | ||
| CVE-2021-0092 | ||
| CVE-2021-0156 | ||
| CVE-2021-0093 | ||
| CVE-2019-14584 | Dell article DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities | |
| CVE-2021-28210 | ||
| CVE-2021-28211 | ||
| CVE-2021-26373 | Dell article DSA-2022-126: Dell PowerEdge Server Security Updates for AMD Server Vulnerabilities. | |
| CVE-2021-26347 | ||
| CVE-2021-26376 | ||
| CVE-2021-26375 | ||
| CVE-2021-26378 | ||
| CVE-2021-26372 | ||
| CVE-2021-26339 | ||
| CVE-2021-26348 | ||
| CVE-2021-26342 | ||
| CVE-2021-26388 | ||
| CVE-2021-26349 | ||
| CVE-2021-26364 | ||
| CVE-2021-26312 | ||
| CVE-2021-26350 | ||
| CVE-2020-12944 | Dell article DSA-2021-227: Dell PowerEdge Server Security Update for AMD Server Vulnerabilities | Dell US | |
| CVE-2020-12951 | ||
| CVE-2020-12954 | ||
| CVE-2020-12988 | ||
| CVE-2021-26312 | ||
| CVE-2021-26320 | ||
| CVE-2021-26321 | ||
| CVE-2021-26322 | ||
| CVE-2021-26329 | ||
| CVE-2021-26330 | ||
| CVE-2020-12946 | ||
| CVE-2020-12961 | ||
| CVE-2021-26331 | ||
| CVE-2021-26315 | ||
| CVE-2021-26325 | ||
| CVE-2021-26326 | ||
| CVE-2021-26327 | ||
| Dell iDRAC Lifecycle Controller Firmware | CVE-2022-24422 | Dell article DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability |
| CVE-2021-3712 | Dell article DSA-2021-259: Dell iDRAC Security Update for Multiple Security Vulnerabilities |
|
| CVE-2021-36347 | ||
| CVE-2021-36348 | ||
| CVE-2021-36346 | ||
| ESXi | CVE-2021-22045 | VMware article VMSA-2022-0001 |
| CVE-2021-22040 | VMware article VMSA-2022-0004 |
|
| CVE-2021-22041 | ||
| CVE-2021-22050 | ||
| Embedded OS | CVE-2022-0778 | https://nvd.nist.gov/vuln/detail/CVE-2022-0778 |
| Cisco Switches | CVE-2022-20624 | Cisco article Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability. |
| CVE-2022-20650 | Cisco article Cisco NX-OS Software NX-API Command Injection Vulnerability. |
|
| CVE-2022-20625 | Cisco article Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability |
|
| CVE-2022-20623 | Cisco article Cisco Nexus 9000 Series Switches Bi-directional Forwarding Detection Denial of Service Vulnerability. |
|
| Spring | CVE-2022-22965 | https://nvd.nist.gov/vuln/detail/CVE-2022-22965 |
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Fix package in RCM. |
| CVE-2020-12966 | PowerFlex Appliance | Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
BIOS Firmware 15G version 2.6.6 BIOS Firmware 14G version 2.13 BIOS Firmware 15G version 2.6.6 BIOS Firmware 14G version 2.13.3 BIOS Firmware 15G version 2.6.6 |
| CVE-2021-0060 | ||||
| CVE-2021-0127 | ||||
| CVE-2021-0103 | ||||
| CVE-2021-0114 | ||||
| CVE-2021-0115 | ||||
| CVE-2021-0116 | ||||
| CVE-2021-0117 | ||||
| CVE-2021-0118 | ||||
| CVE-2021-0099 | ||||
| CVE-2021-0111 | ||||
| CVE-2021-0107 | ||||
| CVE-2021-0125 | ||||
| CVE-2021-0124 | ||||
| CVE-2021-33068 | ||||
| CVE-2021-0092 | ||||
| CVE-2021-0156 | ||||
| CVE-2021-0093 | ||||
| CVE-2020-12944 | ||||
| CVE-2020-12951 | ||||
| CVE-2020-12954 | ||||
| CVE-2020-12988 | ||||
| CVE-2021-26312 | ||||
| CVE-2021- 26320 |
||||
| CVE-2021- 26321 |
||||
| CVE-2021- 26322 |
||||
| CVE-2021- 26329 |
||||
| CVE-2021- 26330 |
||||
| CVE-2020- 12946 |
||||
| CVE-2020- 12961 |
||||
| CVE-2021- 26331 |
||||
| CVE-2021- 26315 |
||||
| CVE-2021- 26325 |
||||
| CVE-2021- 26326 |
||||
| CVE-2021- 26327 |
||||
| CVE-2021 -3712 |
Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
iDRAC9 version 5.10.10.00 | |
| CVE-2021- 36347 |
||||
| CVE-2021- 36348 |
||||
| CVE-2021- 26350 |
||||
| CVE-2021- 36346 |
||||
| CVE-2021- 22045 |
Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
ESXi 6.7 EP 23 Build 19195723 VMware-ESXi-7.0U3c-19193900 |
|
| CVE-2019-14584 | Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
BIOS Firmware 14G version 2.13.3 BIOS Firmware 15G version 2.6.6 |
|
| CVE-2021-28210 | ||||
| CVE-2021-28211 | ||||
| CVE-2021- 26373 |
Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
BIOS Firmware 15G version 2.6.6 | |
| CVE-2021- 26347 |
||||
| CVE-2021- 26376 |
||||
| CVE-2021- 26375 |
||||
| CVE-2021- 26378 |
||||
| CVE-2021- 26372 |
||||
| CVE-2021- 26348 |
||||
| CVE-2021- 26342 |
||||
| CVE-2021- 26339 |
||||
| CVE-2021- 26388 |
||||
| CVE-2021- 26349 |
||||
| CVE-2021- 26364 |
||||
| CVE-2021- 22040 |
Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
ESXi 6.7 EP 23 Build 19195723 | |
| CVE-2021- 22041 |
||||
| CVE-2021- 22050 |
||||
| CVE-2022- 24422 |
Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
iDRAC9 version 5.10.10.00 | |
| CVE-2022- 0778 |
Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
||
| CVE-2022- 20624 |
Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
9.3(9) | |
| CVE-2022- 20650 |
||||
| CVE-2022- 20625 |
||||
| CVE-2022- 20623 |
||||
| CVE-2022- 22965 |
Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
PowerFlex Version 3.6.0.4 |
|
| CVE-2022- 22948 |
Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
vCenter server version 6.7 Update 3q (6.7.0 Build19300125) |
- For RCM release information: https://cicodeportal.dell.com/#/home
- For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
| CVEs Addressed | Product | Affected Versions | Updated Versions | Fix package in RCM. |
| CVE-2020-12966 | PowerFlex Appliance | Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
BIOS Firmware 15G version 2.6.6 BIOS Firmware 14G version 2.13 BIOS Firmware 15G version 2.6.6 BIOS Firmware 14G version 2.13.3 BIOS Firmware 15G version 2.6.6 |
| CVE-2021-0060 | ||||
| CVE-2021-0127 | ||||
| CVE-2021-0103 | ||||
| CVE-2021-0114 | ||||
| CVE-2021-0115 | ||||
| CVE-2021-0116 | ||||
| CVE-2021-0117 | ||||
| CVE-2021-0118 | ||||
| CVE-2021-0099 | ||||
| CVE-2021-0111 | ||||
| CVE-2021-0107 | ||||
| CVE-2021-0125 | ||||
| CVE-2021-0124 | ||||
| CVE-2021-33068 | ||||
| CVE-2021-0092 | ||||
| CVE-2021-0156 | ||||
| CVE-2021-0093 | ||||
| CVE-2020-12944 | ||||
| CVE-2020-12951 | ||||
| CVE-2020-12954 | ||||
| CVE-2020-12988 | ||||
| CVE-2021-26312 | ||||
| CVE-2021- 26320 |
||||
| CVE-2021- 26321 |
||||
| CVE-2021- 26322 |
||||
| CVE-2021- 26329 |
||||
| CVE-2021- 26330 |
||||
| CVE-2020- 12946 |
||||
| CVE-2020- 12961 |
||||
| CVE-2021- 26331 |
||||
| CVE-2021- 26315 |
||||
| CVE-2021- 26325 |
||||
| CVE-2021- 26326 |
||||
| CVE-2021- 26327 |
||||
| CVE-2021 -3712 |
Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
iDRAC9 version 5.10.10.00 | |
| CVE-2021- 36347 |
||||
| CVE-2021- 36348 |
||||
| CVE-2021- 26350 |
||||
| CVE-2021- 36346 |
||||
| CVE-2021- 22045 |
Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
ESXi 6.7 EP 23 Build 19195723 VMware-ESXi-7.0U3c-19193900 |
|
| CVE-2019-14584 | Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
BIOS Firmware 14G version 2.13.3 BIOS Firmware 15G version 2.6.6 |
|
| CVE-2021-28210 | ||||
| CVE-2021-28211 | ||||
| CVE-2021- 26373 |
Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
BIOS Firmware 15G version 2.6.6 | |
| CVE-2021- 26347 |
||||
| CVE-2021- 26376 |
||||
| CVE-2021- 26375 |
||||
| CVE-2021- 26378 |
||||
| CVE-2021- 26372 |
||||
| CVE-2021- 26348 |
||||
| CVE-2021- 26342 |
||||
| CVE-2021- 26339 |
||||
| CVE-2021- 26388 |
||||
| CVE-2021- 26349 |
||||
| CVE-2021- 26364 |
||||
| CVE-2021- 22040 |
Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
ESXi 6.7 EP 23 Build 19195723 | |
| CVE-2021- 22041 |
||||
| CVE-2021- 22050 |
||||
| CVE-2022- 24422 |
Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
iDRAC9 version 5.10.10.00 | |
| CVE-2022- 0778 |
Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
||
| CVE-2022- 20624 |
Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
9.3(9) | |
| CVE-2022- 20650 |
||||
| CVE-2022- 20625 |
||||
| CVE-2022- 20623 |
||||
| CVE-2022- 22965 |
Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
PowerFlex Version 3.6.0.4 |
|
| CVE-2022- 22948 |
Versions before Intelligent_Catalog_38_356_03_r5 Versions before Intelligent_Catalog_38_362_03_r6 |
Intelligent_Catalog_38_356_03_r5 Intelligent_Catalog_38_362_03_r6 |
vCenter server version 6.7 Update 3q (6.7.0 Build19300125) |
- For RCM release information: https://cicodeportal.dell.com/#/home
- For RCM download: https://vce.flexnetoperations.com/control/vcec/product?plneID=740417
Revision History
| Revision | Date | Description |
| 1.0 | 2022-06-03 | Initial Release |
Related Information
Legal Information
Article Properties
Affected Product
PowerFlex Appliance, PowerFlex appliance R650, PowerFlex appliance R6525, Powerflex appliance R750, Product Security Information, PowerFlex appliance R640, PowerFlex appliance R740XD, PowerFlex appliance R840
Last Published Date
27 Jun 2023
Article Type
Dell Security Advisory