Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Create and access a list of your products

DSA-2022-108: PowerPath and PowerPath Management Appliance Security Update for OpenSSL Vulnerability

Summary: PowerPath Management Appliance contains remediation for OpenSSL vulnerability that may be exploited by malicious users to compromise the affected system. PowerPath Linux remediation is available for OpenSSL Vulnerability with an updated Security Configuration Guide (SCG) informing the customers to update OpenSSL package on the host system. For PowerPath Windows, OpenSSL_Configuration Utility contains remediation for OpenSSL vulnerability that may be exploited by malicious users to compromise the affected system. OpenSSL is used for communication between PowerPath Windows host and Management server. OpenSSL is not bundled in PowerPath Windows package. However, separate compiled OpenSSL libraries are provided to customers through Dell download site along with an installation script so that customers can install them separately. As a remediation, PowerPath engineering is updating the download site with the latest OpenSSL libraries. ...

This article applies to   This article does not apply to 

Impact

High

Details

Third-party Component CVE More information
Third-party Component CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://www.openssl.org/news/secadv/20220315.txt
 
 
Third-party Component CVE More information
Third-party Component CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://www.openssl.org/news/secadv/20220315.txt
 
 
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-0778 PowerPath Management Appliance 3.0
3.0 P01
3.1
3.2
3.2 P01
3.2 SP1
PPMA 3.3 or later version for each https://www.dell.com/support/home/product-support/product/powerpath-management-appliance/drivers
CVE-2022-0778 PowerPath Linux 7.4
PowerPath Linux does not package openssl from past many versions. It uses the openssl packages available on the OS and hence SCG has been released with Open SSL upgrade instructions
https://dl.dell.com/content/manual49528625-powerpath-for-linux-security-configuration-guide.pdf?language=en-us&ps=true
CVE-2022-0778 PowerPath Windows
 
7.0
 
OpenSSL libraries are not shipped with PowerPath Windows packages, hence not impacted, however for the benefit of customers a separate OpenSSL tools package is posted to Dell download site, where customers can download and install. OpenSSL tools package has the latest version 1.1.1n

 
https://dl.dell.com/downloads/DL99599_OpenSSL-Configuration-Utility-3.0.zip

 


Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-0778 PowerPath Management Appliance 3.0
3.0 P01
3.1
3.2
3.2 P01
3.2 SP1
PPMA 3.3 or later version for each https://www.dell.com/support/home/product-support/product/powerpath-management-appliance/drivers
CVE-2022-0778 PowerPath Linux 7.4
PowerPath Linux does not package openssl from past many versions. It uses the openssl packages available on the OS and hence SCG has been released with Open SSL upgrade instructions
https://dl.dell.com/content/manual49528625-powerpath-for-linux-security-configuration-guide.pdf?language=en-us&ps=true
CVE-2022-0778 PowerPath Windows
 
7.0
 
OpenSSL libraries are not shipped with PowerPath Windows packages, hence not impacted, however for the benefit of customers a separate OpenSSL tools package is posted to Dell download site, where customers can download and install. OpenSSL tools package has the latest version 1.1.1n

 
https://dl.dell.com/downloads/DL99599_OpenSSL-Configuration-Utility-3.0.zip

 


Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Workarounds & Mitigations

For PowerPath Management Appliance, see Dell Security KB article 198690: Security Vulnerability (CVE-2022-0778) Detected Against OpenSSL in PowerPath Management Appliance Versions 3.0.x, 3.1, and 3.2.x

For PowerPath Linux, customer must update the OpenSSL package on the host system. PowerPath Linux Security Configuration Guide (SCG) 2.0 is updated for OpenSSL dependency in host system.

For PowerPath Windows, OpenSSL_Configuration Utility 3.0. OpenSSL libraries are provided to customers through the Dell download site along with an installation script so that customers can install them separately.

Revision History

RevisionDateDescription
1.02022-04-25Initial Release
1.12022-09-23Update to 'Updated versions' and 'Link Update'. 
1.22022-09-27Update to Updated versions' and 'Link Update' and removed impact for 6.4 and 6.5 for PowerPath Windows as they are out of support now. 

Related Information

Affected Products

PowerPath for Linux, PowerPath for Windows, Product Security Information

Products

PowerPath/VE for VMware
Article Properties
Article Number: 000198826
Article Type: Dell Security Advisory
Last Modified: 27 Sept 2022
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.