Article Number: 000201258


DSA-2022-182: Cloud Mobility for Dell EMC Storage Security Update for a Path Traversal/RCE Vulnerability

Summary: Remediation is available for a path traversal/RCE vulnerability in Cloud Mobility for Dell EMC Storage that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

High

Details

Cloud Mobility for Dell EMC Storage 1.3.0 contains an RCE vulnerability. A non-privileged user could potentially exploit this vulnerability to obtain a root shell. This is a high-severity issue, so Dell recommends that customers upgrade at the earliest opportunity.

| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector |
|---|---|---|---|
| CVE-2022-33936 | Cloud Mobility for Dell EMC Storage, versions 1.3.0 and earlier, contains a path traversal in the backup mechanism for the vApp. Any basic user may purposefully or accidentally exploit this vulnerability, leading to RCE with full takeover of the system. | 8.0 | https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |

 


Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

 
| CVE Addressed | Product | Affected Version | Updated Version | Link to Update |
|---|---|---|---|---|
| CVE-2022-33936 | Cloud Mobility for Dell EMC Storage | 1.3.0 | 1.3.1 | Amazon Marketplace: Cloud Mobility for Dell Storage or VMware Marketplace |
 

Workarounds and Mitigations

We now reject any patterns in the restore tar file that start with an absolute path or contain .. anywhere in the file path.
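
One way to apply the rule stated above before extracting a restore archive, as an added example (not Dell's code). The function names and the sample archive are constructed for illustration; treating backslashes as separators and checking link targets are assumptions that go beyond the advisory text.

```python
import io
import tarfile


def unsafe_reason(path):
    """Return why a tar path is rejected under the advisory's rule, or None."""
    normalized = path.replace("\\", "/")  # assumption: backslash is a separator too
    if normalized.startswith("/"):
        return "absolute path"
    if ".." in normalized:  # literal reading: '..' anywhere, even inside a name
        return "contains '..'"
    return None


def check_restore_archive(fileobj):
    """Inspect every member before extracting anything; return (name, reason) rejects."""
    rejected = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            reason = unsafe_reason(member.name)
            # Beyond the advisory text (assumption): link targets get the same check.
            if reason is None and (member.issym() or member.islnk()):
                target = unsafe_reason(member.linkname)
                reason = f"link target: {target}" if target else None
            if reason:
                rejected.append((member.name, reason))
    return rejected


def build_sample_archive():
    """Constructed sample: one acceptable entry plus entries the rule rejects."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("backup/config.json", "/abs/file.txt",
                     "../outside.txt", "backup/../../outside.txt"):
            info = tarfile.TarInfo(name)
            info.size = len(b"sample")
            tar.addfile(info, io.BytesIO(b"sample"))
        link = tarfile.TarInfo("backup/current")
        link.type, link.linkname = tarfile.SYMTYPE, "/abs"
        tar.addfile(link)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reason in check_restore_archive(build_sample_archive()):
        print(f"REJECT {name}: {reason}")
```

A restore routine using this check should refuse the whole archive when the returned list is non-empty, rather than skipping only the rejected entries.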

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2022-07-06 | Initial release |

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product

Cloud Mobility, Cloud Mobility for Dell EMC Storage, Product Security Information

Last Published Date

06 Jul 2022

Version

1

Article Type

Dell Security Advisory