
Article Number: 000216615


DSA-2023-282: Security Update for Dell Storage Integration Tools for VMware (DSITV), Dell Storage vSphere Client Plugin (DSVCP), and Replay Manager for VMware (RMSV) Information Disclosure Vulnerability

Summary: Dell Storage Integration Tools for VMware (DSITV), Dell Storage vSphere Client Plugin (DSVCP), and Replay Manager for VMware (RMSV) remediation is available for an information disclosure vulnerability that could be exploited by malicious users to compromise the affected system. ...

Article Content


Impact

High

Details

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| --- | --- | --- | --- |
| CVE-2023-39250 | Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

Dell Technologies recommends that all customers consider both the overall CVSS score and any relevant temporal and environmental scores that may affect the potential severity of a particular security vulnerability.

Affected Products and Remediation

 
| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| --- | --- | --- | --- | --- |
| Dell Storage Integration Tools for VMware (DSITV) | VMware | Versions prior to 6.1.1 | Version 6.1.1 | Drivers and Downloads |
| Dell Storage vSphere Client Plugin (DSVCP) | VMware | Versions prior to 6.1.1 | Version 6.1.1 | Drivers and Downloads |
| Replay Manager for VMware (RMSV) | VMware | Versions prior to 3.1.2 | Version 3.1.2 | Drivers and Downloads |

NOTE: Please note that Dell Storage Integration Tools for VMware (DSITV), Dell Storage vSphere Client Plugin (DSVCP), and Replay Manager for VMware (RMSV) are included as part of the same download.

Workarounds and Mitigations

CVE ID: CVE-2023-39250
Workaround and Mitigation:
  1. Please follow the instructions in the Dell Storage Integration Tools for VMware Version 6.0 Administrator’s Guide to change the default root password of all current and new appliances using Compellent DSITV.
  2. Update the password to the VMware vCenter.
  3. Do not create additional DSITV users; if additional users have already been created, remove those users.
  4. Do not change file/folder permission levels for DSITV; ensure that “/opt/dellcompellent” requires root level to access.
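
A check for workaround steps 3 and 4 above, as an added example that is not Dell's code. It assumes that "root level" means owned by uid 0 with no permission bits for other (and group bits only for gid 0), and that "additional DSITV users" are non-root operating system accounts with an interactive shell; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Dell's code): audit for workaround steps 3 and 4.
# Assumptions: "root level" = owned by uid 0, no permission bits for
# "other", group bits only if the group is gid 0; "additional users" =
# non-root passwd entries whose login shell ends in "sh" (heuristic).

# Print entries under DIR that a non-root account could reach.
# The uid/gid arguments default to 0 and exist so the check can be
# exercised on a scratch tree without being root.
list_loose_entries() {
    dir=$1; uid=${2:-0}; gid=${3:-0}
    # Symlinks are skipped: their own mode is always 0777 on Linux.
    find "$dir" ! -type l \( ! -user "$uid" \
        -o -perm -004 -o -perm -002 -o -perm -001 \
        -o \( ! -group "$gid" \
              \( -perm -040 -o -perm -020 -o -perm -010 \) \) \
        \) -print | sort
}

# Print account names other than root with an interactive shell
# (bash, sh, ksh ...); nologin, false, sync, halt are ignored.
list_extra_login_users() {
    awk -F: '$1 != "root" && $7 ~ /sh$/ { print $1 }' "${1:-/etc/passwd}"
}

# Exit status: 0 clean, 1 findings (printed), 2 directory not present.
audit_dsitv_workaround() {
    dir=${1:-/opt/dellcompellent}; passwd_file=${2:-/etc/passwd}
    result=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"; return 2
    fi
    loose=$(list_loose_entries "$dir" "${3:-0}" "${4:-0}")
    if [ -n "$loose" ]; then
        echo "$loose" | sed 's/^/LOOSE /'; result=1
    fi
    extra=$(list_extra_login_users "$passwd_file")
    if [ -n "$extra" ]; then
        echo "$extra" | sed 's/^/USER  /'; result=1
    fi
    return $result
}
```

Run as root on the appliance, `audit_dsitv_workaround` with no arguments checks `/opt/dellcompellent` against `/etc/passwd`; any `LOOSE` or `USER` line is a deviation from steps 3 and 4.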

Acknowledgements

Dell Technologies would like to thank Tom Pohl for reporting this issue.
 

Revision History

| Revision | Date | Description |
| --- | --- | --- |
| 1.0 | 2023-08-11 | Initial Release |
| 1.1 | 2023-08-14 | Updated “Workarounds and Mitigations” section |
| 2.0 | 2023-10-09 | Full Release |
| 3.0 | 2023-10-10 | Updated for clarity |

Article Properties


Affected Product
Dell Compellent SC4020, Dell Storage SC8000, Dell Compellent Series 40, Dell Storage SCv2000, Dell Storage SCv2020, Dell Storage SCv2080, Dell Storage SC5020, Dell Storage SC5020F, Dell Storage SC7020, Dell Storage SC7020F, Dell Storage SC9000, Dell Storage SCv3000, Dell Storage SCv3020 ...
Last Published Date

10 Oct 2023

Version

6

Article Type

Dell Security Advisory