Skip to main content
Sign Out
Welcome to Dell
My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us
Your Dell.com Carts

Article Number: 000202058

DSA-2022-210: Dell CloudLink Security Update for Multiple Security Vulnerabilities

Summary: Dell CloudLink remediation is available for SSM Agent console access security issue that may be exploited by malicious users to compromise the affected system.

Article Content

Impact

Critical

Details

Proprietary Code CVEs 

Description 

CVSS Base Score 

CVSS Vector String 

CVE-2022-34380

Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system. 

9.1 

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 

Third-party Component 

CVEs 

More information 

Ubuntu 16.04 ESM: GNU C Library vulnerabilities (USN-5310-2) 

CVE-2021-3999 

See NVD (http://nvd.nist.gov/) for individual scores for each CVE. 

CVE-2022-23218 

CVE-2022-23219 

Ubuntu 16.04 ESM: klibc vulnerabilities (USN-5379-1) 

CVE-2021-31870 

CVE-2021-31872 

CVE-2021-31873 

CVE-2021-31871 

Ubuntu 16.04 ESM: Rsyslog vulnerability (USN-5404-2) 

CVE-2022-24903 

Ubuntu 16.04 ESM: Linux kernel vulnerabilities (USN-5413-1) 

CVE-2021-4157 

CVE-2022-26490 

CVE-2022-28390 

CVE-2021-39713 

CVE-2022-27223 

CVE-2020-27820 

Proprietary Code CVEs 

Description 

CVSS Base Score 

CVSS Vector String 

CVE-2022-34380

Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system. 

9.1 

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 

Third-party Component 

CVEs 

More information 

Ubuntu 16.04 ESM: GNU C Library vulnerabilities (USN-5310-2) 

CVE-2021-3999 

See NVD (http://nvd.nist.gov/) for individual scores for each CVE. 

CVE-2022-23218 

CVE-2022-23219 

Ubuntu 16.04 ESM: klibc vulnerabilities (USN-5379-1) 

CVE-2021-31870 

CVE-2021-31872 

CVE-2021-31873 

CVE-2021-31871 

Ubuntu 16.04 ESM: Rsyslog vulnerability (USN-5404-2) 

CVE-2022-24903 

Ubuntu 16.04 ESM: Linux kernel vulnerabilities (USN-5413-1) 

CVE-2021-4157 

CVE-2022-26490 

CVE-2022-28390 

CVE-2021-39713 

CVE-2022-27223 

CVE-2020-27820 
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product Affected Versions Updated Version Link to Update
Dell Cloudlink Versions before 7.1.4 7.1.4 CloudLink Downloads
Product Affected Versions Updated Version Link to Update
Dell Cloudlink Versions before 7.1.4 7.1.4 CloudLink Downloads

Workarounds and Mitigations

Customers can disable SSM Agent following instructions in the Dell KB article 200819: CloudLink : Disable AWS console access to CloudLink OS.

Revision History

Revision 

Date 

Description 

1.0 

2022-08-01

Initial Release 

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Information

Article Properties

Product

Product Security Information

Last Published Date

01 Aug 2022

Version

1

Article Type

Dell Security Advisory

Back to Top