Article Number: 000216615

DSA-2023-282: Security Update for Dell Storage Integration Tools for VMWare (DSITV), Dell Storage vSphere Client Plugin (DSVCP), and Replay Manager for VMware (RMSV) Information Disclosure Vulnerability

Summary: Dell Storage Integration Tools for VMWare (DSITV), Dell Storage vSphere Client Plugin (DSVCP), and Replay Manager for VMware (RMSV) remediation is available for an information disclosure vulnerability that could be exploited by malicious users to compromise the affected system. ...

Article Content

Impact

High

Details

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2023-39250	Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2023-39250	Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product	Software/Firmware	Affected Versions	Remediated Versions	Link
Dell Storage Integration Tools for VMware (DSITV)	VMware	Versions prior to 6.1.1	Version 6.1.1	Drivers and Downloads
Dell Storage vSphere Client Plugin (DSVCP)	VMware	Versions prior to 6.1.1	Version 6.1.1	Drivers and Downloads
Replay Manager for VMware (RMSV)	VMware	Versions prior to 3.1.2	Version 3.1.2	Drivers and Downloads

Product	Software/Firmware	Affected Versions	Remediated Versions	Link
Dell Storage Integration Tools for VMware (DSITV)	VMware	Versions prior to 6.1.1	Version 6.1.1	Drivers and Downloads
Dell Storage vSphere Client Plugin (DSVCP)	VMware	Versions prior to 6.1.1	Version 6.1.1	Drivers and Downloads
Replay Manager for VMware (RMSV)	VMware	Versions prior to 3.1.2	Version 3.1.2	Drivers and Downloads

NOTE: Please note that Dell Storage Integration Tools for VMware (DSITV), Dell Storage vSphere Client Plugin (DSVCP), and Replay Manager for VMware (RMSV) are included as part of the same download.

Workarounds and Mitigations

CVE ID	Workaround and Mitigation
CVE-2023-39250	Please follow the instructions in the Dell Storage Integration Tools for VMWare Version 6.0 Administrator’s Guide to changethe default root password of all current and new appliances using Compellent DSITV Update the password to the VMware vCenter. Do not create additional DSITV users; if additional users have already been created, remove those users Do not change file/folder permission levels for DSITV; ensure that “/opt/dellcompellent” requires root level to access

CVE ID

Workaround and Mitigation

CVE-2023-39250

Please follow the instructions in the Dell Storage Integration Tools for VMWare Version 6.0 Administrator’s Guide to changethe default root password of all current and new appliances using Compellent DSITV
Update the password to the VMware vCenter.
Do not create additional DSITV users; if additional users have already been created, remove those users
Do not change file/folder permission levels for DSITV; ensure that “/opt/dellcompellent” requires root level to access

Acknowledgements

Dell Technologies would like to thank Tom Pohl for reporting this issue.

Revision History

Revision	Date	Description
1.0	2023-08-11	Initial Release
1.1	2023-08-14	Updated “Workarounds and Mitigations” section
2.0	2023-10-09	Full Release
3.0	2023-10-10	Updated for clarity

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Information

Article Properties

Affected Product

Dell Compellent SC4020, Dell Storage SC8000, Dell Compellent Series 40, Dell Storage SCv2000, Dell Storage SCv2020, Dell Storage SCv2080, Dell Storage SC5020, Dell Storage SC5020F, Dell Storage SC7020, Dell Storage SC7020F, Dell Storage SC9000 , Dell Storage SCv3000, Dell Storage SCv3020 ...

Last Published Date

10 Οκτ 2023

Version

Article Type

Dell Security Advisory

Επιστροφή στην αρχή

Καλώς ορίσατε

Καλώς ορίσατε στην Dell