Dell EMC Updates
2680Warning Date
Severity Level
Warning Number
Target Sector
15 July, 2020
● High
2020-1504
All
Description:
DELL EMC has released security updates to address several vulnerabilities in the following product:
- Dell EMC Isilon OneFS and Dell EMC PowerScale OneFS
- Dell EMC VxRail Dell EMC Data Domain
- Dell EMC PowerProtect
- Dell EMC PowerProtect Cyber Recovery
- Dell EMC Data Protection Central
- Dell EMC Networking Virtual Edge Platform 4600 (VEP 4600)
- version 2.0 and older
- Dell EMC PowerSwitch S5200-ON Series Switches BMC firmware
- versions 1.02 and older
- Dell EMC Networking Z9264F-ON Series Switches BMC firmware
- version 3.42.6.0-19 and older
Threats:
An attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS) -remotely
- Sensitive information disclosure
- Unauthorized create, delete and modify the system.
- Memory crupption
- Code execution
Best practice and Recommendations:
The CERT team encourages users to review DELL EMC security advisory and apply the necessary updates:
- https://www.dell.com/support/security/en-us/details/545118/DSA-2020-164-Dell-EMC-Isilon-OneFS-and-Dell-EMC-PowerScale-OneFS-Security-Update-for-IPv6-Vulnera
- https://www.dell.com/support/security/en-us/details/545128/DSA-2020-174-Dell-EMC-VxRail-Security-Update-for-Multiple-Third-Party-Component-Vulnerabilities
- https://www.dell.com/support/security/en-us/details/545137/DSA-2020-169-Dell-EMC-Cyber-Recovery-Security-Update-for-Multiple-Third-Party-Component-Vulnerabi#
- https://www.dell.com/support/security/en-us/details/545133/DSA-2020-173-Dell-EMC-Data-Protection-Central-Security-Update-for-Multiple-Third-Party-Component#
- https://www.dell.com/support/article/en-us/sln322196/dsa-2020-115-dell-emc-networking-security-update-for-an-intelligent-platform-management-interface-ipmi-vulnerability?lang=en