DSA-2022-108: PowerPath and PowerPath Management Appliance Security Update for OpenSSL Vulnerability

Resumen: PowerPath Management Appliance contains remediation for OpenSSL vulnerability that may be exploited by malicious users to compromise the affected system. PowerPath Linux remediation is available for OpenSSL Vulnerability with an updated Security Configuration Guide (SCG) informing the customers to update OpenSSL package on the host system. For PowerPath Windows, OpenSSL_Configuration Utility contains remediation for OpenSSL vulnerability that may be exploited by malicious users to compromise the affected system. OpenSSL is used for communication between PowerPath Windows host and Management server. OpenSSL is not bundled in PowerPath Windows package. However, separate compiled OpenSSL libraries are provided to customers through Dell download site along with an installation script so that customers can install them separately. As a remediation, PowerPath engineering is updating the download site with the latest OpenSSL libraries. ...

Este artículo se aplica a Este artículo no se aplica a Este artículo no está vinculado a ningún producto específico. No se identifican todas las versiones del producto en este artículo.
Consulte estos recursos

Impacto

High

Detalles

Third-party Component CVE More information
Third-party Component CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://www.openssl.org/news/secadv/20220315.txt
 
 
Third-party Component CVE More information
Third-party Component CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://www.openssl.org/news/secadv/20220315.txt
 
 
Dell Technologies recomienda que todos los clientes tengan en cuenta tanto la puntuación base como cualquier otra puntuación ambiental y temporal relevante que pueda afectar la posible gravedad asociada con la vulnerabilidad de seguridad en particular.

Corrección y productos afectados

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-0778 PowerPath Management Appliance 3.0
3.0 P01
3.1
3.2
3.2 P01
3.2 SP1		 PPMA 3.3 or later version for each https://www.dell.com/support/home/product-support/product/powerpath-management-appliance/drivers
CVE-2022-0778 PowerPath Linux 7.4
PowerPath Linux does not package openssl from past many versions. It uses the openssl packages available on the OS and hence SCG has been released with Open SSL upgrade instructions
https://dl.dell.com/content/manual49528625-powerpath-for-linux-security-configuration-guide.pdf?language=en-us&ps=true
CVE-2022-0778 PowerPath Windows
 		 7.0
 		 OpenSSL libraries are not shipped with PowerPath Windows packages, hence not impacted, however for the benefit of customers a separate OpenSSL tools package is posted to Dell download site, where customers can download and install. OpenSSL tools package has the latest version 1.1.1n

 		 https://dl.dell.com/downloads/DL99599_OpenSSL-Configuration-Utility-3.0.zip

 


Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-0778 PowerPath Management Appliance 3.0
3.0 P01
3.1
3.2
3.2 P01
3.2 SP1		 PPMA 3.3 or later version for each https://www.dell.com/support/home/product-support/product/powerpath-management-appliance/drivers
CVE-2022-0778 PowerPath Linux 7.4
PowerPath Linux does not package openssl from past many versions. It uses the openssl packages available on the OS and hence SCG has been released with Open SSL upgrade instructions
https://dl.dell.com/content/manual49528625-powerpath-for-linux-security-configuration-guide.pdf?language=en-us&ps=true
CVE-2022-0778 PowerPath Windows
 		 7.0
 		 OpenSSL libraries are not shipped with PowerPath Windows packages, hence not impacted, however for the benefit of customers a separate OpenSSL tools package is posted to Dell download site, where customers can download and install. OpenSSL tools package has the latest version 1.1.1n

 		 https://dl.dell.com/downloads/DL99599_OpenSSL-Configuration-Utility-3.0.zip

 


Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Soluciones alternativas y mitigaciones

For PowerPath Management Appliance, see Dell Security KB article 198690: Security Vulnerability (CVE-2022-0778) Detected Against OpenSSL in PowerPath Management Appliance Versions 3.0.x, 3.1, and 3.2.x

For PowerPath Linux, customer must update the OpenSSL package on the host system. PowerPath Linux Security Configuration Guide (SCG) 2.0 is updated for OpenSSL dependency in host system.

For PowerPath Windows, OpenSSL_Configuration Utility 3.0. OpenSSL libraries are provided to customers through the Dell download site along with an installation script so that customers can install them separately.

Historial de revisiones

RevisionDateDescription
1.02022-04-25Initial Release
1.12022-09-23Update to 'Updated versions' and 'Link Update'. 
1.22022-09-27Update to Updated versions' and 'Link Update' and removed impact for 6.4 and 6.5 for PowerPath Windows as they are out of support now. 

Información relacionada

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Descargo de responsabilidad

Productos afectados

PowerPath for Linux, PowerPath for Windows, Product Security Information

Productos

PowerPath/VE for VMware
Propiedades del artículo
Número del artículo: 000198826
Tipo de artículo: Dell Security Advisory
Última modificación: 21 nov 2025
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.