Dell Encryption Enterprise Information Disclosure Vulnerability
Summary: Information Disclosure Vulnerability in Dell Encryption Enterprise (formerly Dell Data Protection | Encryption).
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
CVE Identifier: CVE-2018-15773
Severity: Medium
Affected Products:
- Dell Encryption Enterprise
- Dell Data Protection | Encryption
Affected Versions:
- v10.0.0 and Earlier
Dell Encryption (formerly Dell Data Protection | Encryption) v10.0.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of sensitive computer files.
Cause
Not Applicable
Resolution
The following Dell Encryption Enterprise release contains a resolution to this vulnerability:
- Dell Encryption v10.1.0 and later
Dell Technologies recommends all customers upgrade at the earliest opportunity.
Link to remedies:
Customers can download the latest Dell Encryption software from:
https://www.dell.com/support/home/product-support/product/dell-data-protection-encryption/drivers
Dell Endpoint Security Suite Enterprise software is made available to customers on their ddpe.credant.com account, or it can be obtained through Dell ProSupport.
Credit:
Dell would like to thank Jan van der Put and Harm Blankers of REQON Security for reporting this vulnerability.
Dell Technologies recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information provided as is without warranty of any kind. Dell disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title, and noninfringement. In no event shall Dell or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.
Affected Products
Dell EncryptionArticle Properties
Article Number: 000130673
Article Type: Solution
Last Modified: 16 Jan 2024
Version: 10
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.