DSA-2023-250: Security Update for Dell Connectrix (Brocade) for Multiple Vulnerabilities

Summary: Dell Connectrix (Brocade) remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.


Impact

High

Details

| Third-party Component | CVEs | More Information |
|---|---|---|
| FOS | CVE-2023-31425, CVE-2023-31426, CVE-2023-31427, CVE-2023-31428, CVE-2023-31429, CVE-2023-31430, CVE-2023-31431, CVE-2023-31432, CVE-2023-31926, CVE-2023-31927, CVE-2023-31928 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| OpenSSL | CVE-2022-0778, CVE-2018-0739, CVE-2022-2097, CVE-2022-2068 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| OpenSSH | CVE-2021-41617, CVE-2020-14145 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| util-linux before 2.32-rc1 | CVE-2018-7738 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| follow-redirects | CVE-2022-0155 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| zlib before 1.2.12 | CVE-2018-25032 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| handle_ipDefaultTTL | CVE-2022-44792 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| cgroup1_parse_param in kernel/cgroup/cgroup-v1 | CVE-2021-4145 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| Apache HTTP Server 2.4.53 and earlier | CVE-2021-39275, CVE-2019-0220, CVE-2022-28614, CVE-2022-28615 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| glib before version 2.63.6 | CVE-2021-3800 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| Linux kernel before 5.6.2 | CVE-2022-24448, CVE-2021-45485, CVE-2021-45486, CVE-2022-0322, CVE-2020-36557, CVE-2020-36558, CVE-2011-4917 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| GNU C Library (aka glibc) before and through 2.34 | CVE-2022-23219, CVE-2013-4788 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| X.509 certificate verification | CVE-2022-3786, CVE-2022-3602 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| rsync before 3.2.5 | CVE-2022-29154 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| Net-SNMP through 5.7.3 | CVE-2020-15861 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| RPM before 4.9.1.3 | CVE-2012-0060 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| util.c in GNU readline before 6.3 patch 3 | CVE-2014-2524 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| Expat (aka libexpat) before 2.4.5 | CVE-2022-25313, CVE-2022-25236, CVE-2022-25235 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| src/list.c of tar 1.33 and earlier | CVE-2021-20193 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| libcgroup up to and including 0.41 creates file with mode 0666 regardless of the configured umask | CVE-2018-14348 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| libxml2 through 2.9.8 | CVE-2018-14404 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| Hardware allows activation of test or debug logic Intel® Processor | CVE-2021-0146 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| WebTools | CVE-2022-28169, CVE-2023-31927, CVE-2023-31928 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| Linux kernel before 5.13.3 In the IPv6 implementation | CVE-2021-45485, CVE-2021-45486 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| CLI | CVE-2023-31432, CVE-2023-31425, CVE-2023-31430, CVE-2023-31428, CVE-2023-31429 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| "less" command | CVE-2023-31926 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| "diagstatus" command | CVE-2023-31431 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| Linux kernel before 5.16.5 in fs/nfs/dir.c | CVE-2022-24448 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| AES OCB fails to encrypt some bytes | CVE-2022-2097 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |
| Logs - "configupload" and "configdownload" | CVE-2023-31426 | See NVD for individual scores for each CVE: http://nvd.nist.gov/ |

Dell Technologies recommends that all customers consider both the base score and any relevant temporal and environmental scores that may affect the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2023-31425, CVE-2021-41617, CVE-2022-0155, CVE-2021-4145, CVE-2022-0778 | Connectrix B-Series | FOS | Versions 9.1.0 through 9.1.1 | Version 9.1.1 or later | https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview |
| CVE-2023-31425, CVE-2021-41617, CVE-2022-0155, CVE-2021-4145, CVE-2022-0778 | Connectrix B-Series | FOS | Versions 9.1.0 through 9.1.1 | Version 9.2.0 or later | https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview |
| CVE-2023-31427, CVE-2023-31428, CVE-2023-31429, CVE-2023-31430, CVE-2023-31431, CVE-2023-31432, CVE-2023-31926, CVE-2023-31927, CVE-2022-44792, CVE-2020-14145, CVE-2021-3800, CVE-2022-23219, CVE-2021-45485, CVE-2021-45486, CVE-2021-0146, CVE-2018-7738, CVE-2022-24448, CVE-2020-36557, CVE-2020-36558 | Connectrix B-Series | FOS | Versions prior to 9.1.1c | Version 9.1.1c or later | https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview |
| CVE-2023-31427, CVE-2023-31428, CVE-2023-31429, CVE-2023-31430, CVE-2023-31431, CVE-2023-31432, CVE-2023-31926, CVE-2023-31927, CVE-2022-44792, CVE-2020-14145, CVE-2021-3800, CVE-2022-23219, CVE-2021-45485, CVE-2021-45486, CVE-2021-0146, CVE-2018-7738, CVE-2022-24448, CVE-2023-31928, CVE-2022-3786, CVE-2022-3602, CVE-2022-28614, CVE-2022-28615, CVE-2022-0322, CVE-2020-36557, CVE-2020-36558, CVE-2022-29154, CVE-2022-2097, CVE-2011-4917, CVE-2022-2068, CVE-2020-15861, CVE-2012-0060, CVE-2014-2524, CVE-2013-4788, CVE-2022-25313, CVE-2021-20193, CVE-2022-25236, CVE-2022-25235, CVE-2018-14348, CVE-2021-39275 | Connectrix B-Series | FOS | Versions prior to 9.2.0 | Version 9.2.0 or later | https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview |
| CVE-2023-31426, CVE-2022-0778, CVE-2018-7738, CVE-2022-24448, CVE-2020-36557, CVE-2020-36558, CVE-2018-14404 | Connectrix B-Series | FOS | Versions prior to 8.2.3d | Version 8.2.3d or later | https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview |
| CVE-2022-0778 | Connectrix B-Series | FOS | Versions prior to 9.0.1e | Version 9.01e or later | https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview |
| CVE-2019-0220 | Connectrix B-Series | FOS | Versions prior to 9.0.0 | Version 9.0.0 or later | https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview |
| CVE-2022-25236 | Connectrix B-Series | FOS | Versions prior to 9.2.1 | Version 9.2.1 or later | https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview |
| CVE-2022-25236, CVE-2022-25235 | Connectrix B-Series | FOS | Versions prior to 9.1.1d | Version 9.1.1d or later | https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview |
| CVE-2022-25235 | Connectrix B-Series | FOS | Versions prior to 8.2.3e | Version 8.2.3e or later | https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview |
| CVE-2021-39275, CVE-2022-28169 | Connectrix B-Series | FOS | Versions prior to 9.1.1 | Version 9.1.1 or later | https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview |
| CVE-2021-39275, CVE-2022-28169 | Connectrix B-Series | FOS | Versions prior to 9.0.1e | Version 9.0.1e or later | https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview |
| CVE-2021-39275, CVE-2018-0739, CVE-2022-28169 | Connectrix B-Series | FOS | Versions prior to 8.2.3c | Version 8.2.3c or later | https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview |
| CVE-2021-39275, CVE-2018-0739 | Connectrix B-Series | FOS | Versions prior to 8.2.0_CBN5 | Version 8.2.0_CBN5 or later | https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview |
| CVE-2021-39275 | Connectrix B-Series | FOS | Versions prior to 7.4.2j | Version 7.4.2j or later | https://www.dell.com/support/home/product-support/product/connectrix-b-series-hardware/overview |
| CVE-2018-25032 | Connectrix B-Series | SANnav | Versions prior to 2.2.2 | Version 2.2.2 or later | https://www.dell.com/support/home/product-support/product/connectrix-sannav/drivers |

 


 

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-08-02 | Initial Release |
| 2.0 | 2023-09-25 | Added additional CVE (CVE-2022-28169) to Third Party and Affected Product and Remediation Tables. Added new Third Party Components related to existing CVEs already documented: WebTools; Linux kernel before 5.13.3 In the IPv6 implementation; CLI; "less" command; "diagstatus" command; Linux kernel before 5.16.5 in fs/nfs/dir.c; AES OCB fails to encrypt some bytes; Logs - "configupload" and "configdownload" |
| 3.0 | 2025-02-11 | Updated for enhanced format presentation with no changes to content |


Affected Products

Connectrix B-Series, Connectrix DS-300B, Connectrix DS-6505B, Connectrix DS-6510B, Connectrix DS-6520B, Connectrix DS-6610B, Connectrix DS-6620B, Connectrix DS-6620B-V2, Connectrix DS-6630B, Connectrix DS-6630B-V2, Connectrix DS-7720B, Connectrix DS-7730B, Connectrix DS 6630B, Connectrix ED-DCX6-4B, Connectrix ED-DCX6-8B, Connectrix ED-DCX7-4B, Connectrix ED-DCX7-8B, Connectrix ED-DCX8510-4B, Connectrix ED-DCX8510-8B, Connectrix MP-7800B, Connectrix MP-7810B, Connectrix MP-7840B ...

Article Properties
Article Number: 000216406
Article Type: Dell Security Advisory
Last Modified: 18 Feb 2025