DSA-2023-426: Security Update for RVTools Vulnerabilities

Summary: Remediation is available for CVE-2023-44303 in RVTools, a vulnerability that could be exploited by malicious users to compromise the affected system.


Impact

High

Details

Proprietary Code CVEs: CVE-2023-44303

Description: RVTools versions 3.9.2 and above contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). A remote unauthenticated attacker with access to stored encrypted passwords from a user's system could potentially exploit this vulnerability, leading to the disclosure of encrypted passwords in clear text. This vulnerability is caused by an incomplete fix for CVE-2020-27688.

CVSS Base Score: 7.5

CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

 
 

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed: CVE-2023-44303

Product: RVTools

Affected Versions: Versions 3.9.2 through 4.4.5

Remediated Versions: Version 4.5.0

Link: RVTools - Download | RVTools (robware.net)


Workarounds & Mitigations

CVE ID: CVE-2023-44303

Workaround and Mitigation: Users who are using, or who wish to stay on, an affected version should use pass-through authentication. See the RVTools PDF documentation (RVTools - Download | RVTools (robware.net)) for instructions on how to use this mechanism.
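To triage an inventory against the affected and remediated ranges listed under Affected Products & Remediation, versions must be compared component by component as numbers, because a string comparison would rank 3.10.0 below 3.9.2. The Python below is an added example, not code from Dell or RVTools; the hostnames and version strings are constructed, and collecting the installed version from each machine is assumed to happen elsewhere.

```python
import re

# Ranges copied from the advisory's "Affected Products & Remediation" table.
FIRST_AFFECTED = (3, 9, 2)
LAST_AFFECTED = (4, 4, 5)
REMEDIATED = (4, 5, 0)

_VERSION = re.compile(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)*\s*")

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if the string is not a version."""
    m = _VERSION.fullmatch(text)
    if not m:
        return None
    # A missing patch component ("4.5") counts as 0; a fourth component is ignored.
    return tuple(int(part or 0) for part in m.groups())

def classify(version_text):
    """Map a reported RVTools version string to a status for CVE-2023-44303."""
    v = parse_version(version_text)
    if v is None:
        return "unparseable"      # needs manual review
    if FIRST_AFFECTED <= v <= LAST_AFFECTED:
        return "affected"         # upgrade, or use pass-through authentication
    if v >= REMEDIATED:
        return "remediated"
    return "not-listed"           # outside both ranges the advisory gives

def triage(inventory):
    """Group hostnames by status; inventory maps hostname -> version string."""
    groups = {}
    for host, version in sorted(inventory.items()):
        groups.setdefault(classify(version), []).append(host)
    return groups

# Constructed sample inventory (hypothetical hostnames and version strings).
SAMPLE_INVENTORY = {
    "admin-ws-01": "3.9.2",
    "admin-ws-02": "3.10.0",     # numerically above 3.9.2, so still affected
    "admin-ws-03": "4.4.5.0",    # four-part file version
    "admin-ws-04": "4.5.0",
    "admin-ws-05": "3.9.1",
    "admin-ws-06": "not installed",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "not-listed" or "unparseable" fall outside what the advisory states and need a manual check rather than being assumed safe.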

Revision History

Revision: 1.0

Date: 2023-11-23

Description: Initial Release

Acknowledgements

Dell Technologies would like to thank Matthias Maes for reporting this issue to RVTools.

Affected Products

Product Security Information
Article Properties
Article Number: 000219712
Article Type: Dell Security Advisory
Last Modified: 23 Nov 2023