DSA-2020-163: Dell EMC OpenManage Integration for Microsoft System Center Multiple Vulnerabilities
Resumen: DSA-2020-163: Dell EMC OpenManage Integration for Microsoft System Center Multiple Vulnerabilities - Improper Authentication (CVE-2020-5373) and Use of Hard-coded Cryptographic Key (CVE-2020-5374). ...
Este artículo se aplica a
Este artículo no se aplica a
Este artículo no está vinculado a ningún producto específico.
No se identifican todas las versiones del producto en este artículo.
Impacto
High
Detalles
Details:
- Improper Authentication (CVE-2020-5373)
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device.
CVSSv3 Base Score 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
- Use of Hard-coded Cryptographic Key (CVE-2020-5374)
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker may exploit this vulnerability to gain access to the appliance data for remotely managed devices.
CVSSv3 Base Score 8.8 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L)
Details:
- Improper Authentication (CVE-2020-5373)
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device.
CVSSv3 Base Score 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
- Use of Hard-coded Cryptographic Key (CVE-2020-5374)
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker may exploit this vulnerability to gain access to the appliance data for remotely managed devices.
CVSSv3 Base Score 8.8 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L)
Corrección y productos afectados
Affected products:
- Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for System Center Configuration Manager (SCCM) and System Center Virtual Machine Manager (SCVMM) versions prior to 7.2.1.
Remediation:
The following Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM release contain resolutions to these vulnerabilities:
The following Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM release contain resolutions to these vulnerabilities:
- Dell EMC OpenManage Integration for Microsoft System Center Version for System Center Configuration Manager and System Center Virtual Machine Manager v7.2.1.
Dell EMC recommends all customers upgrade at the earliest opportunity.
Customers can download for PowerEdge servers. For all other platforms, please select the platform from the Dell support site.
Affected products:
- Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for System Center Configuration Manager (SCCM) and System Center Virtual Machine Manager (SCVMM) versions prior to 7.2.1.
Remediation:
The following Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM release contain resolutions to these vulnerabilities:
The following Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM release contain resolutions to these vulnerabilities:
- Dell EMC OpenManage Integration for Microsoft System Center Version for System Center Configuration Manager and System Center Virtual Machine Manager v7.2.1.
Dell EMC recommends all customers upgrade at the earliest opportunity.
Customers can download for PowerEdge servers. For all other platforms, please select the platform from the Dell support site.
Información relacionada
Descargo de responsabilidad
Productos afectados
OpenManage Integration for Microsoft System CenterPropiedades del artículo
Número del artículo: 000124989
Tipo de artículo: Dell Security Advisory
Última modificación: 21 feb. 2021
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.