DSA-2023-389: Security Update for Dell Technologies PowerProtect DataDomain Vulnerabilities

Résumé: Dell Technologies PowerProtect DataDomain remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Cet article concerne Cet article ne concerne pas Cet article n’est associé à aucun produit spécifique. Toutes les versions du produit ne sont pas identifiées dans cet article.
Consulter d’autres ressources

Impact

Critical

Détails

Third-party Component CVEs More Information
Apache CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Postgres CVE-2023-0215, CVE-2022-41862 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Linux CVE-2023-26545, CVE-2023-26242, CVE-2023-25012, CVE-2023-23559, CVE-2023-23455, CVE-2023-23454, CVE-2023-22998, CVE-2023-0615, CVE-2023-0469, CVE-2023-0468, CVE-2023-0394, CVE-2023-0266, CVE-2023-0240, CVE-2022-47929, CVE-2022-47521, CVE-2022-47520, CVE-2022-47519, CVE-2022-47518, CVE-2022-4662, CVE-2022-45934, CVE-2022-45919, CVE-2022-45888, CVE-2022-45887, CVE-2022-45886, CVE-2022-45885, CVE-2022-45884 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
rsyslog CVE-2022-24903 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
p11-kit CVE-2020-29362 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
PCRE2 CVE-2022-1586 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
containerd, docker CVE-2022-23648, CVE-2022-24769, CVE-2022-27191, CVE-2021-43565, CVE-2021-41190, CVE-2022-23648, CVE-2022-27191, CVE-2022-23471, CVE-2022-31030, CVE-2022-29162, CVE-2021-41190, CVE-2021-41103, CVE-2021-41092, CVE-2021-41091, CVE-2021-41089, CVE-2022-36109 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Runc CVE-2023-28642, CVE-2023-27561, CVE-2023-25809 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Unzip CVE-2022-0529, CVE-2022-0530 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
udisks2 CVE-2022-21233 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Libtasb1 CVE-2021-46848 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Bind CVE-2022-2795, CVE-2022-38177, CVE-2022-38178 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Python CVE-2023-24329, CVE-2022-40899, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
libxml2 CVE-2022-40304, CVE-2022-40303, CVE-2022-29824, CVE-2022-23308, CVE-2021-3541, CVE-2021-3537, CVE-2021-3518, CVE-2021-3517, CVE-2022-40304, CVE-2022-40303 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
OpenSSL CVE-2023-0464, CVE-2023-0465, CVE-2023-0466 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Java CVE-2022-31129, CVE-2021-23337 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
c-ares CVE-2020-8277, CVE-2021-3672 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Certifi CVE-2022-23491 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Curl CVE-2023-23916, CVE-2023-27538, CVE-2023-27536, CVE-2023-27535, CVE-2023-27534, CVE-2023-27533 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Systemd CVE-2023-26604 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Tar CVE-2022-48303 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Libxslt CVE-2021-30560 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
glib2 CVE-2023-24593, CVE-2023-25180 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.
Libpq5 CVE-2022-41862 See NVD link below for individual scores for each CVE.
https://nvd.nist.gov/This hyperlink is taking you to a website outside of Dell Technologies.

Dell Technologies recommande à tous les clients de prendre en compte à la fois le score de base CVSS et les scores temporels et environnementaux pertinents qui peuvent avoir un impact sur la gravité potentielle associée à une faille de sécurité donnée.

Produits concernés et mesure corrective

CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2021-23337  PowerProtect DD DDOS, DDMC, and SmartScale.


 		 Versions 7.0 through 7.11
 		 Versions 7.12.0.0 or later, or
7.10.1.10 or later to stay on LTS2023 7.10,
or
7.7.5.20 or later to stay on LTS2022 7.7		  For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 
CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454, CVE-2021-23337 PowerProtect DD DDOS, DDMC



 		 Versions prior to 6.2.1.100 Versions 6.2.1.120 or later  
CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454 PowerProtect DD DDOS, DDMC


 		 Versions 7.0 through 7.11 Versions 7.12.0.0 or later, or 
7.10.1.10 or later to stay on LTS2023 7.10, 
or
7.7.5.20 or later to stay on LTS2022 7.7		 For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 
CVE-2023-0215, CVE-2022-41862, CVE-2023-26545, CVE-2023-26242, CVE-2023-25012, CVE-2023-23559, CVE-2023-23455, CVE-2023-23454, CVE-2023-22998, CVE-2023-0615, CVE-2023-0469, CVE-2023-0468, CVE-2023-0394, CVE-2023-0266, CVE-2023-0240, CVE-2022-47929, CVE-2022-47521, CVE-2022-47520, CVE-2022-47519, CVE-2022-47518, CVE-2022-4662, CVE-2022-45934, CVE-2022-45919, CVE-2022-45888, CVE-2022-45887, CVE-2022-45886, CVE-2022-45885, CVE-2022-45884, CVE-2022-24903, CVE-2020-29362, CVE-2022-1586, CVE-2022-23648, CVE-2022-24769, CVE-2022-27191, CVE-2021-43565, CVE-2021-41190, CVE-2022-23648, CVE-2022-27191, CVE-2022-23471, CVE-2022-31030,CVE-2022-29162, CVE-2021-41190, CVE-2021-41103, CVE-2021-41092, CVE-2021-41091, CVE-2021-41089, CVE-2022-36109, CVE-2023-28642, CVE-2023-27561, CVE-2023-25809, CVE-2022-0529, CVE-2022-0530, CVE-2022-21233, CVE-2021-46848, CVE-2022-2795, CVE-2022-38177, CVE-2022-38178, CVE-2023-24329,CVE-2022-40899, CVE-2022-40304, CVE-2022-40303, CVE-2022-29824, CVE-2022-23308, CVE-2021-3541, CVE-2021-3537, CVE-2021-3518, CVE-2021-3517, CVE-2022-40304, CVE-2022-40303, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2022-23491, CVE-2023-23916, CVE-2023-27538, CVE-2023-27536, CVE-2023-27535, CVE-2023-27534, CVE-2023-27533, CVE-2023-26604, CVE-2022-48303, CVE-2021-30560, CVE-2023-24593, CVE-2023-25180, CVE-2022-41862 PowerProtect DD SmartScale


 		 Versions 7.8 through 7.11 Versions 7.12.0.0 or later, or
7.10.1.10 or later to stay on LTS2023 7.10		 For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 
CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2021-23337, CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454, CVE-2021-23337, CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454 PowerProtect DP Series Appliance (IDPA) Versions prior to 2.7.4 Version 2.7.6 For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 

Dell KB articles 
IDPA : Allowed Point Product Upgrades
Procedure to upgrade DataDomainOS
CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2021-23337  PowerProtect DD DDOS, DDMC, and SmartScale.


 		 Versions 7.0 through 7.11
 		 Versions 7.12.0.0 or later, or
7.10.1.10 or later to stay on LTS2023 7.10,
or
7.7.5.20 or later to stay on LTS2022 7.7		  For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 
CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454, CVE-2021-23337 PowerProtect DD DDOS, DDMC



 		 Versions prior to 6.2.1.100 Versions 6.2.1.120 or later  
CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454 PowerProtect DD DDOS, DDMC


 		 Versions 7.0 through 7.11 Versions 7.12.0.0 or later, or 
7.10.1.10 or later to stay on LTS2023 7.10, 
or
7.7.5.20 or later to stay on LTS2022 7.7		 For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 
CVE-2023-0215, CVE-2022-41862, CVE-2023-26545, CVE-2023-26242, CVE-2023-25012, CVE-2023-23559, CVE-2023-23455, CVE-2023-23454, CVE-2023-22998, CVE-2023-0615, CVE-2023-0469, CVE-2023-0468, CVE-2023-0394, CVE-2023-0266, CVE-2023-0240, CVE-2022-47929, CVE-2022-47521, CVE-2022-47520, CVE-2022-47519, CVE-2022-47518, CVE-2022-4662, CVE-2022-45934, CVE-2022-45919, CVE-2022-45888, CVE-2022-45887, CVE-2022-45886, CVE-2022-45885, CVE-2022-45884, CVE-2022-24903, CVE-2020-29362, CVE-2022-1586, CVE-2022-23648, CVE-2022-24769, CVE-2022-27191, CVE-2021-43565, CVE-2021-41190, CVE-2022-23648, CVE-2022-27191, CVE-2022-23471, CVE-2022-31030,CVE-2022-29162, CVE-2021-41190, CVE-2021-41103, CVE-2021-41092, CVE-2021-41091, CVE-2021-41089, CVE-2022-36109, CVE-2023-28642, CVE-2023-27561, CVE-2023-25809, CVE-2022-0529, CVE-2022-0530, CVE-2022-21233, CVE-2021-46848, CVE-2022-2795, CVE-2022-38177, CVE-2022-38178, CVE-2023-24329,CVE-2022-40899, CVE-2022-40304, CVE-2022-40303, CVE-2022-29824, CVE-2022-23308, CVE-2021-3541, CVE-2021-3537, CVE-2021-3518, CVE-2021-3517, CVE-2022-40304, CVE-2022-40303, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2022-23491, CVE-2023-23916, CVE-2023-27538, CVE-2023-27536, CVE-2023-27535, CVE-2023-27534, CVE-2023-27533, CVE-2023-26604, CVE-2022-48303, CVE-2021-30560, CVE-2023-24593, CVE-2023-25180, CVE-2022-41862 PowerProtect DD SmartScale


 		 Versions 7.8 through 7.11 Versions 7.12.0.0 or later, or
7.10.1.10 or later to stay on LTS2023 7.10		 For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 
CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2021-23337, CVE-2022-28331, CVE-2022-24963, CVE-2021-35940, CVE-2023-24998, CVE-2023-27522, CVE-2023-25690, CVE-2022-37436, CVE-2022-36760, CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377, CVE-2006-20001, CVE-2022-31129, CVE-2020-8277, CVE-2021-3672, CVE-2023-27522, CVE-2023-25690, CVE-2022-45143, CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454, CVE-2021-23337, CVE-2023-24329, CVE-2022-45061, CVE-2022-42919, CVE-2022-37454 PowerProtect DP Series Appliance (IDPA) Versions prior to 2.7.4 Version 2.7.6 For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles):
https://www.dell.com/support/kbdoc/334649
https://www.dell.com/support/kbdoc/525902
 

Dell KB articles 
IDPA : Allowed Point Product Upgrades
Procedure to upgrade DataDomainOS
Highest CVSS score of affected CVEs is Critical 9.8 from CVE-2022-28331, CVE-2022-24963, CVE-2022-24963, CVE-2022-36760, CVE-2022-31813, CVE-2022-28615, CVE-2022-37454, CVE-2023-25690, CVE-2022-1586, CVE-2021-46848

Historique des révisions

RevisionDateDescription
1.02023-10-16Initial Release
2.02023-10-20Added CVE-2021-23337 in Java section of Third-Party Components.  
Added CVE-2021-23337 to the Affected Products and Remediation Table for PowerProtect DD DDOS, DDMC, and SmartScale Affected Versions 7.0 to 7.11 and PowerProtect DD DDOS, DDMC version 6.2.1.100
Updated Affected Product section under Article Properties
Combined 6.2.1.100 CVE's to one line in the Affected Products and Remediation table
Removed "SmartScale" from PowerProtect DD DDOS and DDMC for Version 6.2.1.100
 
3.02023-10-30Cosmetic update: Combined the Third-Party Component "Python" into one row in the Third-Party Components Table
4.02023-11-20Added Under Affect Products and Remedition table - Product PowerProtect DP Series (IDPA) with the CVE's addressed, Affected Version, Remediated Version, and Link
5.02024-01-24Updated the Third Party Component Table for Product PowerProtect DP Series Appliance (IDPA) by updating the Remediated Version from Versions 2.7.2, 2.7.3, 2.7.4, with 7.7.5.20 patch to Version 2.7.6
6.02024-04-25Updated Affected Products and Remediation section: Updated Remediated version for Versions prior to 6.2.1.100

Informations connexes

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Mention légale

Produits concernés

Data Domain, PowerProtect Data Protection Appliance, DD OS 7.0, DD OS 7.1, DD OS 7.10, DD OS 7.11, DD OS 7.2, DD OS 7.3, DD OS 7.4, DD OS 7.5, DD OS 7.6, DD OS 7.7, DD OS 7.8, DD OS 7.9, PowerProtect Data Domain Management Center , PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software ...
Propriétés de l’article
Numéro d’article: 000218619
Type d’article: Dell Security Advisory
Dernière modification: 25 avr. 2024
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.