Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000219712


DSA-2023-426: Security Update for RVTools Vulnerabilities

Summary: RVTools remediation is available for CVE-2023-44303 that could be exploited by malicious users to compromise the affected system.

Article Content


Impact

High

Details

Proprietary Code CVEs 

Description 

CVSS Base Score 

CVSS Vector String 

CVE-2023-44303 

RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). A remote unauthenticated attacker with access to stored encrypted passwords from a users' system could potentially exploit this vulnerability, leading to the disclosure of encrypted passwords in clear text. This vulnerability is caused by an incomplete fix for CVE-2020-27688. 

7.5 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N This hyperlink is taking you to a website outside of Dell Technologies. 

 
 

Proprietary Code CVEs 

Description 

CVSS Base Score 

CVSS Vector String 

CVE-2023-44303 

RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). A remote unauthenticated attacker with access to stored encrypted passwords from a users' system could potentially exploit this vulnerability, leading to the disclosure of encrypted passwords in clear text. This vulnerability is caused by an incomplete fix for CVE-2020-27688. 

7.5 

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N This hyperlink is taking you to a website outside of Dell Technologies. 

 
 
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed 

Product  

Affected Versions 

Remediated Versions 

Link 

CVE-2023-44303 

RVTools 

Versions 3.9.2 through 4.4.5 

 

Version 4.5.0 

 

RVTools - Download | RVTools (robware.net)  This hyperlink is taking you to a website outside of Dell Technologies.

CVEs Addressed 

Product  

Affected Versions 

Remediated Versions 

Link 

CVE-2023-44303 

RVTools 

Versions 3.9.2 through 4.4.5 

 

Version 4.5.0 

 

RVTools - Download | RVTools (robware.net)  This hyperlink is taking you to a website outside of Dell Technologies.

Workarounds and Mitigations

CVE ID 

Workaround and Mitigation 

CVE-2023-44303 

Users using or who wish to stay on an affected version should utilize pass-through authentication. See RVTools PDF documentation (RVTools - Download | RVTools (robware.net)This hyperlink is taking you to a website outside of Dell Technologies. for instructions on how to utilize this mechanism. 

Acknowledgements

Dell Technologies would like to thank Matthias Maes for reporting this issue to RVTools

Revision History

Revision 

Date 

Description 

1.0 

2023-11-23 

Initial Release 

Related Information


Article Properties


Affected Product

Product Security Information

Last Published Date

23 Nov 2023

Version

1

Article Type

Dell Security Advisory