DSA-2022-108: PowerPath and PowerPath Management Appliance Security Update for OpenSSL Vulnerability

Zusammenfassung: PowerPath Management Appliance contains remediation for OpenSSL vulnerability that may be exploited by malicious users to compromise the affected system. PowerPath Linux remediation is available for OpenSSL Vulnerability with an updated Security Configuration Guide (SCG) informing the customers to update OpenSSL package on the host system. For PowerPath Windows, OpenSSL_Configuration Utility contains remediation for OpenSSL vulnerability that may be exploited by malicious users to compromise the affected system. OpenSSL is used for communication between PowerPath Windows host and Management server. OpenSSL is not bundled in PowerPath Windows package. However, separate compiled OpenSSL libraries are provided to customers through Dell download site along with an installation script so that customers can install them separately. As a remediation, PowerPath engineering is updating the download site with the latest OpenSSL libraries. ...

Dieser Artikel gilt für Dieser Artikel gilt nicht für Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden. In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Andere Ressourcen ansehen

Auswirkungen

High

Details

Third-party Component CVE More information
Third-party Component CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://www.openssl.org/news/secadv/20220315.txt
 
 
Third-party Component CVE More information
Third-party Component CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://www.openssl.org/news/secadv/20220315.txt
 
 
Dell Technologies empfiehlt allen Kunden, sowohl die CVSS-Gesamtbewertung als auch alle relevanten zeitlichen und umweltbezogenen Bewertungen zu berücksichtigen, die sich auf den potenziellen Schweregrad einer bestimmten Sicherheitsschwachstelle auswirken können.

Betroffene Produkte und Korrektur

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-0778 PowerPath Management Appliance 3.0
3.0 P01
3.1
3.2
3.2 P01
3.2 SP1		 PPMA 3.3 or later version for each https://www.dell.com/support/home/product-support/product/powerpath-management-appliance/drivers
CVE-2022-0778 PowerPath Linux 7.4
PowerPath Linux does not package openssl from past many versions. It uses the openssl packages available on the OS and hence SCG has been released with Open SSL upgrade instructions
https://dl.dell.com/content/manual49528625-powerpath-for-linux-security-configuration-guide.pdf?language=en-us&ps=true
CVE-2022-0778 PowerPath Windows
 		 7.0
 		 OpenSSL libraries are not shipped with PowerPath Windows packages, hence not impacted, however for the benefit of customers a separate OpenSSL tools package is posted to Dell download site, where customers can download and install. OpenSSL tools package has the latest version 1.1.1n

 		 https://dl.dell.com/downloads/DL99599_OpenSSL-Configuration-Utility-3.0.zip

 


Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-0778 PowerPath Management Appliance 3.0
3.0 P01
3.1
3.2
3.2 P01
3.2 SP1		 PPMA 3.3 or later version for each https://www.dell.com/support/home/product-support/product/powerpath-management-appliance/drivers
CVE-2022-0778 PowerPath Linux 7.4
PowerPath Linux does not package openssl from past many versions. It uses the openssl packages available on the OS and hence SCG has been released with Open SSL upgrade instructions
https://dl.dell.com/content/manual49528625-powerpath-for-linux-security-configuration-guide.pdf?language=en-us&ps=true
CVE-2022-0778 PowerPath Windows
 		 7.0
 		 OpenSSL libraries are not shipped with PowerPath Windows packages, hence not impacted, however for the benefit of customers a separate OpenSSL tools package is posted to Dell download site, where customers can download and install. OpenSSL tools package has the latest version 1.1.1n

 		 https://dl.dell.com/downloads/DL99599_OpenSSL-Configuration-Utility-3.0.zip

 


Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Workarounds und Korrekturmaßnahmen

For PowerPath Management Appliance, see Dell Security KB article 198690: Security Vulnerability (CVE-2022-0778) Detected Against OpenSSL in PowerPath Management Appliance Versions 3.0.x, 3.1, and 3.2.x

For PowerPath Linux, customer must update the OpenSSL package on the host system. PowerPath Linux Security Configuration Guide (SCG) 2.0 is updated for OpenSSL dependency in host system.

For PowerPath Windows, OpenSSL_Configuration Utility 3.0. OpenSSL libraries are provided to customers through the Dell download site along with an installation script so that customers can install them separately.

Revisionsverlauf

RevisionDateDescription
1.02022-04-25Initial Release
1.12022-09-23Update to 'Updated versions' and 'Link Update'. 
1.22022-09-27Update to Updated versions' and 'Link Update' and removed impact for 6.4 and 6.5 for PowerPath Windows as they are out of support now. 

Zugehörige Informationen

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Rechtlicher Hinweis

Betroffene Produkte

PowerPath for Linux, PowerPath for Windows, Product Security Information

Produkte

PowerPath/VE for VMware
Artikeleigenschaften
Artikelnummer: 000198826
Artikeltyp: Dell Security Advisory
Zuletzt geändert: 21 Nov. 2025
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.