Impact
Critical
Details
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Product | Affected Versions | Updated Versions | Link to Update |
RecoverPoint Classic | 5.1 SP4, 5.1 SP4 P1, 5.1 SP3, 5.1 SP3 P1 | 5.1.4.2 | |
RecoverPoint for Virtual Machines | 5.3 SP2 P1, 5.3 SP1 P1, 5.3 SP2, 5.3 SP1 | 5.3.2.2 | https://www.dell.com/support/home/en-us/product-support/product/recoverpoint-for-virtual-machines/drivers |
RecoverPoint for Virtual Machines | 5.2 SP2 P4, 5.2 SP2, 5.2 SP2 P3, 5.2 SP2 P2, 5.2 SP2 P1, 5.2 SP1 | | Dell Technologies recommends customers apply the temporary resolution detailed in the Workaround and Mitigation section of this DSA. A permanent remediation for this issue will be released in a future release of the impacted version line. |
Note: Unsupported versions of RecoverPoint for VMs are also impacted, so customers on those versions need to upgrade to a supported RecoverPoint version.
Workarounds & Mitigations
The following workaround addresses CVE-2021-44228 and CVE-2021-45046 for customers who do not want to upgrade to the latest patch to be provided by RecoverPoint.
RecoverPoint for VMs (All versions before 5.3 SP2 P2):
Run the following signed script on all vRPAs and reboot them one by one:
- Use SSH or PuTTY to log in as admin > [2] Setup > [8] Advanced options > [4] Run script.
- Paste the following signed script (including # sign):
- Enter your name.
- Reboot the vRPA > [M] Main Menu > [5] Shutdown or Reboot operations > [1] Reboot RPA.
RecoverPoint for VMs Plugin Server (All versions before 5.3 SP2):
- Upgrade to 5.3 SP2 Plugin.
Or
- Log in as root to the Plugin Server and run the following command:
zip -q -d /opt/rpcenter/rp_life_cycle/rp_cleanup_tool/lib/log4j-core*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
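To confirm the Plugin Server workaround took effect, the following added example (not part of Dell's advisory or tooling) lists each log4j-core*.jar under a directory and reports whether JndiLookup.class is still inside. The sample jar names it builds when run without an argument are constructed placeholders.

```python
import sys
import tempfile
import zipfile
from pathlib import Path

# Class that the advisory's `zip -q -d` command deletes from log4j-core*.jar.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

def jar_status(jar_path):
    """Classify one jar as 'present', 'removed' or 'unreadable'."""
    try:
        with zipfile.ZipFile(jar_path) as zf:
            return "present" if JNDI_CLASS in zf.namelist() else "removed"
    except (zipfile.BadZipFile, OSError):
        return "unreadable"

def audit(lib_dir, pattern="log4j-core*.jar"):
    """Map every matching jar under lib_dir (searched recursively) to its status."""
    root = Path(lib_dir)
    return {str(p.relative_to(root)): jar_status(p) for p in sorted(root.rglob(pattern))}

def make_sample_lib(lib_dir):
    """Constructed sample data: one unpatched jar, one patched jar, one corrupt file."""
    lib = Path(lib_dir)
    with zipfile.ZipFile(lib / "log4j-core-2.x-unpatched.jar", "w") as zf:
        zf.writestr(JNDI_CLASS, b"stub")
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"stub")
    with zipfile.ZipFile(lib / "log4j-core-2.x-patched.jar", "w") as zf:
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"stub")
    (lib / "log4j-core-2.x-corrupt.jar").write_bytes(b"not a zip archive")

def main(argv):
    if len(argv) > 1:
        results = audit(argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            make_sample_lib(tmp)
            results = audit(tmp)
    for name, status in results.items():
        print(f"{status:10} {name}")
    # Non-zero exit unless at least one jar was found and all are confirmed clean.
    return 0 if results and all(s == "removed" for s in results.values()) else 1

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Pass the lib directory from the command above as the only argument to check a real Plugin Server. An "unreadable" result means the jar could not be opened as an archive and needs manual inspection.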
RecoverPoint Classic (All versions before 5.1 SP4 P2):
Run the following signed script on all RPAs or vRPAs and reboot them one by one:
- Use SSH or PuTTY to log in as boxmgmt > [2] Setup > [8] Advanced options > [4] Run script.
- Paste the following signed script (including # sign):
- Enter your name.
- Reboot the RPA or vRPA > [M] Main Menu > [5] Shutdown or Reboot operations > [1] Reboot RPA.
Revision History
Revision | Date | Description |
1.0 | 2021-12-15 | Workaround |
1.1 | 2021-12-17 | Updated workaround including RPC plugin server. |
1.2 | 2021-12-20 | Updated the affected versions section |
1.3 | 2021-12-21 | Updated another CVE-2021-45105 for 2.16 log4j versions |
1.4 | 2021-12-22 | Removed CVE-2021-45105 based on review comments |
2.0 | 2022-01-11 | RecoverPoint for VMs release 5.3.2.2 |
3.0 | 2022-02-01 | RecoverPoint Classic release 5.1.4.2 |
Affected Products
RecoverPoint, Product Security Information, RecoverPoint, RecoverPoint CL