تنبيه Dell
2706تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
15 يونيو, 2022
● عالي
2022-4947
الكل
الوصف:
أصدرت Dell EMC تحديثاً لمعالجة عددٍ من الثغرات في منتجاتها:
- Dell EMC Elastic Cloud Storage
- 3.1.x, 3.2.x, 3.3.x, 3.4.x, 3.5.x, and 3.6.x
- APEX Console
- APEX Data Storage Services
- Cloud IQ
- Connectrix (Cisco MDS DCNM)
- Connectrix B-Series SANnav
- Data Domain OS
- Dell EMC Avamar
- Dell EMC BSN Controller Node
- Dell EMC Cloud Disaster Recovery
- Dell EMC Data Protection Advisor
- Dell EMC Data Protection Central
- Dell EMC Data Protection Search
- ECS
- Enterprise Hybrid Cloud
- Dell EMC Enterprise Storage Analytics for vRealize Operations
- Dell EMC Integrated System for Azure Stack HCI
- Dell EMC Integrated System for Microsoft Azure Stack Hub
- Dell EMC Metro Node
- Dell EMC NetWorker
- Dell EMC NetWorker VE
- Dell EMC OpenManage Enterprise Modular
- Dell EMC OpenManage Enterprise Services
- Dell EMC OpenManage Enterprise
- Dell EMC PowerFlex Appliance
- Dell EMC PowerFlex Software (SDS)
- ScaleIO Ready node R630\R730xd
- VxFlex Ready Node R640\R740xd\R840
- PowerFlex custom node R650\R750\R6525
- Dell EMC PowerFlex Rack
- Dell EMC PowerProtect Data Manager
- Dell EMC PowerProtect DP Series Appliance (iDPA)
- Dell EMC PowerStore
- Dell EMC RecoverPoint
- Dell EMC Ruckus SmartZone 300 Controller
- Dell EMC Ruckus SmartZone 100 Controller
- Dell EMC Ruckus Virtual Software
- Dell EMC SRM
- Dell EMC Streaming Data Platform
- Dell EMC Unity
- Dell EMC vProtect
- Dell EMC VxRail
- Dell EMC XC
- Secure Connect Gateway (SCG) Appliance
- Secure Connect Gateway (SCG) Policy Manager
- SRS Policy Manager
- Storage Center - Dell Storage Manager
- SupportAssist Enterprise
- Unisphere Central
- Converged Infrastructure (vblock, VxBlock, VxBlock Central, AMPs, Data Protection, Tech Extensions
- VNXe 1600
- VNXe 3200
- vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage
- vRealize Data Protection Extension Data Management
- Wyse Management Suite
- VNXe3200
- Version 3.1.17.10223906 and earlier
- Version 3.1.17.10223906 and earlier
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- رفع الصلاحيات لزيادة قدرته على التعديل في النظام
- تنفيذ برمجيات خبيثة -عن بعد
الاجراءات الوقائية:
يوصي المركز بتحديث المنتجات المتأثرة، حيث أصدرت Dell EMC توضيحًا لهذه التحديثات:
- https://www.dell.com/support/kbdoc/en-us/000200585/dsa-2022-141-dell-emc-vnxe3200-security-update-for-windows-ntlm-elevation-of-privilege-vulnerability
- https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability
- https://www.dell.com/support/kbdoc/en-us/000199950/dsa-2022-130-dell-emc-elastic-cloud-storage-security-update-for-third-party-vulnerabilities