Article Number: 000215590

DSA-2023-230: Security Update for Dell EMC Integrated Data Protection Appliance for Multiple Third Party Vulnerabilities

Summary: Dell EMC Integrated Data Protection Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system. ...

Article Content

Impact

Critical

Details

Third-party Component	CVEs	More Information
Intel BIOS	CVE-2022-29466, CVE-2022-29515, CVE-2022-26006, CVE-2022-21198, CVE-2022-34377, CVE-2022-34376, CVE-2022-34406, CVE-2022-34407, CVE-2022-34408, CVE-2022-34409, CVE-2022-34410, CVE-2022-34411, CVE-2022-34412, CVE-2022-34413, CVE-2022-34414, CVE-2022-34415, CVE-2022-34416, CVE-2022-34417, CVE-2022-34418, CVE-2022-34419, CVE-2022-34420, CVE-2022-34421, CVE-2022-34422, CVE-2022-34423, CVE-2022-0004, CVE-2022-0005, CVE-2021-21131, CVE-2021-0154, CVE-2021-33122, CVE-2021-0189 , CVE-2021-33124, CVE-2021-33103, CVE-2021-0159, CVE-2021-0188, CVE-2021-0155, CVE-2021-21136, CVE-2021-0153, CVE-2021-33123, CVE-2021-0190, CVE-2021-0060, CVE-2021-0127, CVE-2021-0103, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0099, CVE-2021-0111, CVE-2021-0107, CVE-2021-0125, CVE-2021-0124 CVE-2021-0092, CVE-2021-0093, CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166, CVE-2021-33126, CVE-2021-33128, CVE-2022-21233, CVE-2021-33060, CVE-2022-26074, CVE-2022-22558, CVE-2022-28709	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
VMWare	CVE-2021-21974	https://www.vmware.com/security/advisories/VMSA-2021-0002.html
Dell iDRAC	CVE-2022-44640, CVE-2022-42898, CVE-2022-0778	For more information, see DSA-2022-162, https://nvd.nist.gov/vuln/detail/CVE-2022-42898 https://nvd.nist.gov/vuln/detail/CVE-2022-0778

Third-party Component	CVEs	More Information
Intel BIOS	CVE-2022-29466, CVE-2022-29515, CVE-2022-26006, CVE-2022-21198, CVE-2022-34377, CVE-2022-34376, CVE-2022-34406, CVE-2022-34407, CVE-2022-34408, CVE-2022-34409, CVE-2022-34410, CVE-2022-34411, CVE-2022-34412, CVE-2022-34413, CVE-2022-34414, CVE-2022-34415, CVE-2022-34416, CVE-2022-34417, CVE-2022-34418, CVE-2022-34419, CVE-2022-34420, CVE-2022-34421, CVE-2022-34422, CVE-2022-34423, CVE-2022-0004, CVE-2022-0005, CVE-2021-21131, CVE-2021-0154, CVE-2021-33122, CVE-2021-0189 , CVE-2021-33124, CVE-2021-33103, CVE-2021-0159, CVE-2021-0188, CVE-2021-0155, CVE-2021-21136, CVE-2021-0153, CVE-2021-33123, CVE-2021-0190, CVE-2021-0060, CVE-2021-0127, CVE-2021-0103, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0099, CVE-2021-0111, CVE-2021-0107, CVE-2021-0125, CVE-2021-0124 CVE-2021-0092, CVE-2021-0093, CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166, CVE-2021-33126, CVE-2021-33128, CVE-2022-21233, CVE-2021-33060, CVE-2022-26074, CVE-2022-22558, CVE-2022-28709	See NVD link below for individual scores for each CVE. http://nvd.nist.gov/
VMWare	CVE-2021-21974	https://www.vmware.com/security/advisories/VMSA-2021-0002.html
Dell iDRAC	CVE-2022-44640, CVE-2022-42898, CVE-2022-0778	For more information, see DSA-2022-162, https://nvd.nist.gov/vuln/detail/CVE-2022-42898 https://nvd.nist.gov/vuln/detail/CVE-2022-0778

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product	Software/Firmware	Affected Versions	Remediated Versions	Link
Integrated Data Protection Appliance (PowerProtect DP Series)	IDPA iDRAC, BIOS and Firmware	IDPA 2.7.4 and prior	IDPA 2.7.2 or IDPA 2.7.3/2.7.4 with Firmware patch	Nov+ block - https://dl.dell.com/downloads/XGNH1_PowerProtect-DP-Series-Appliance---IDPA-Firmware-Gen14-November-2022-Block-Plus-critical-iDRAC-security-fix.zip DPA tools - https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers

Product	Software/Firmware	Affected Versions	Remediated Versions	Link
Integrated Data Protection Appliance (PowerProtect DP Series)	IDPA iDRAC, BIOS and Firmware	IDPA 2.7.4 and prior	IDPA 2.7.2 or IDPA 2.7.3/2.7.4 with Firmware patch	Nov+ block - https://dl.dell.com/downloads/XGNH1_PowerProtect-DP-Series-Appliance---IDPA-Firmware-Gen14-November-2022-Block-Plus-critical-iDRAC-security-fix.zip DPA tools - https://www.dell.com/support/home/product-support/product/integrated-data-protection-appliance/drivers

Please upgrade to IDPA 2.7.x version prior to applying the patch mentioned above.
13G appliances are impacted and updates for 13G appliances are under development and will be notified soon.

Revision History

Revision	Date	Description
1.0	2023-05-06	Initial release
2.0	2023-08-29	Updated for enhanced presentation with no changes to content.
3.0	2023-09-11	Updated Affected Products and Remediation table
4.0	2023-11-28	Updated links in Affected Products and Remediation

Related Information

Legal Information

Article Properties

Affected Product

PowerProtect Data Protection Appliance, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software

Last Published Date

11 Jan 2024

Article Type

Dell Security Advisory

Welcome

Welcome to Dell