Dell VNX False Positive Security Vulnerabilities
Summary: This article provides a list of security vulnerabilities that cannot be exploited on Dell VNX1 or VNX2 products, but which may be identified by security scanners.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Security Article Type
Security KB
CVE Identifier
The CVE IDs are listed in the table below.
Issue Summary
See the 'Recommendation' section below for details on CVE.
Recommendations
The vulnerabilities that are listed in the table below are in order by the date on which Dell Engineering determined that the VNX1 series (VNX5100, VNX5300, VNX5500, VNX5700, and 7500) and VNX2 series (VNX5200, VNX5400, VNX5600, VNX5800, VNX7600, and VNX8000) were not vulnerable.
| Third-party Component | CVE ID | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
| SSL certificate | CVE-2004-2761 | An SSL certificate in the certificate chain was signed using a weak hash algorithm. The remote service uses an SSL certificate chain that was signed using a cryptographically weak hashing algorithm (for example, MD2, MD4, MD5, or SHA1). | The impact score of the CVE is low. Also, we see that the SHA256 certificates are present on the VNX. Hence the possibility of the CVE causing any impact on the array is low. | December |
Legal Disclaimer
Affected Products
VNX/VNXe, VNX1 Series, VNX2 SeriesArticle Properties
Article Number: 000208184
Article Type: Security KB
Last Modified: 20 Feb 2023
Version: 1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.