
Article Number: 000153620


DSA-2020-027: Dell EMC VCF over VxRail Security Update for VMware ESXi OpenSLP Remote Code Execution Vulnerability

Article Content


Impact

Critical

Details

Summary:
VMware ESXi, as used in VCF over VxRail, contains an OpenSLP remote code execution vulnerability that requires a security update.

VMware ESXi is an embedded management platform used in VCF over VxRail.

A malicious user with network access to port 427 on an ESXi host may be able to overwrite the heap of the OpenSLP service, resulting in remote code execution.

VMware ESXi has been updated to address the following vulnerability:   

  • CVE-2019-5544
    9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

The workaround for this issue involves disabling the 3D-acceleration feature. See the VMware Security Advisory for more information: https://www.vmware.com/security/advisories/VMSA-2019-0022.html

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Affected Products:  

  • VCF over VxRail versions prior to 3.9.1
     

Remediation:
The following Dell EMC VCF over VxRail release addresses this vulnerability:   

  • VCF over VxRail 3.9.1

For Dell EMC VCF over VxRail 3.9.1 and later, the security update is contained in the VCF over VxRail 3.9.1 release.

Dell EMC recommends all customers upgrade at the earliest opportunity.

https://docs.vmware.com/en/VMware-Cloud-Foundation/3.9.1/rn/vmware-cloud-foundation-on-dell-emc-vxrail-16-release-notes.html



Article Properties


Affected Product

VxRack SDDC

Product
CloudArray Virtual Edition for VxRail Appliance, VMWare Cloud on Dell EMC VxRail E560F, VMWare Cloud on Dell EMC VxRail E560N, VMware ESXi, VxRack SDDC, VxRail 460 and 470 Nodes, VxRail Appliance Family, VxRail Appliance Series, VxRail G410, VxRail G Series Nodes, VxRail E Series Nodes, VxRail E460, VxRail E560, VxRail E560 VCF, VxRail E560F, VxRail E560F VCF, VxRail E560N, VxRail E560N VCF, VxRail G560, VxRail G560 VCF, VxRail G560F, VxRail G560F VCF, VxRail Gen2 Hardware, VxRail P Series Nodes, VxRail P570, VxRail P570 VCF, VxRail P570F, VxRail P570F VCF, VxRail P580N, VxRail P580N VCF, VxRail S Series Nodes, VxRail S470, VxRail S570, VxRail S570 VCF, VxRail Software, VxRail V Series Nodes, VxRail V570, VxRail V570 VCF, VxRail V570F, VxRail V570F VCF ...
Last Published Date

22 May 2021

Version

4

Article Type

Dell Security Advisory