DSA-2020-163: Dell EMC OpenManage Integration for Microsoft System Center Multiple Vulnerabilities




DSA ID: DSA-2020-163
CVE Identifier: CVE-2020-5373, CVE-2020-5374
Severity: High
Severity Rating: See the Details section below for the individual CVSS score of each CVE

Affected products:
  • Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for System Center Configuration Manager (SCCM) and System Center Virtual Machine Manager (SCVMM) versions prior to 7.2.1.
Summary:
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) has been updated to address multiple security vulnerabilities which may potentially be exploited to compromise the system.

Details:
  • Improper Authentication (CVE-2020-5373)

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device.

CVSSv3 Base Score 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
  • Use of Hard-coded Cryptographic Key (CVE-2020-5374)

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker may exploit this vulnerability to gain access to the appliance data for remotely managed devices.

CVSSv3 Base Score 8.8 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L)

Resolution:

The following Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM release contains resolutions to these vulnerabilities:
  • Dell EMC OpenManage Integration for Microsoft System Center Version for System Center Configuration Manager and System Center Virtual Machine Manager v7.2.1.
Dell EMC recommends all customers upgrade at the earliest opportunity.

Link to remedies:
Customers can download for PowerEdge servers. For all other platforms, please select the platform from the Dell support site.




Article ID: SLN322169

Last Date Modified: 07/13/2020 03:59 PM
