Passer au contenu principal
Quitter

Bienvenue dans l’univers Dell

Mon compte
  • Passer des commandes rapidement et facilement
  • Afficher les commandes et suivre l’état de votre expédition
  • Profitez de récompenses et de remises réservées aux membres
  • Créez et accédez à une liste de vos produits
  • Gérer vos sites, vos produits et vos contacts au niveau des produits Dell EMC à l’aide de la rubrique Gestion des informations de l’entreprise.
Se connecter Créer un compte Connexion au compte Premier Connexion au programme de partenariat
Nous contacter

Vos paniers Dell.com

Numéro d’article: 000201258

DSA-2022-182: Cloud Mobility for Dell Storage Security Update for a Path Traversal RCE Vulnerability

Résumé: Cloud Mobility for Dell Storage remediation is available for a path traversal RCE vulnerability that may be exploited by malicious users to compromise the affected system.

Contenu de l’article

Impact

High

Détails

Cloud Mobility for Dell Storage 1.3.0 contains an RCE vulnerability. A nonprivileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a high severity issue; so Dell Technologies recommends customers to upgrade at the earliest opportunity.

Proprietary Code CVE Description CVSS Base Score CVSS Vector
CVE-2022-33936 Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains a path traversal in the backup mechanism for the vApp. Any basic user may purposefully or accidentally exploit this vulnerability, leading to RCE with full take over of the system. 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.

 

Cloud Mobility for Dell Storage 1.3.0 contains an RCE vulnerability. A nonprivileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a high severity issue; so Dell Technologies recommends customers to upgrade at the earliest opportunity.

Proprietary Code CVE Description CVSS Base Score CVSS Vector
CVE-2022-33936 Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains a path traversal in the backup mechanism for the vApp. Any basic user may purposefully or accidentally exploit this vulnerability, leading to RCE with full take over of the system. 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies recommande à tous les clients de prendre en compte à la fois le score de base CVSS et les scores temporels et environnementaux pertinents qui peuvent avoir un impact sur la gravité potentielle associée à une faille de sécurité donnée.

Produits concernés et mesure corrective

 
CVE Addressed  Product Affected Version Updated Version Link to Update
CVE-2022-33936 Cloud Mobility for Dell Storage 1.3.0 1.3.1 Amazon Marketplace: Cloud Mobility for Dell Storage This hyperlink is taking you to a website outside of Dell Technologies.
Or
VMware Marketplace This hyperlink is taking you to a website outside of Dell Technologies.
 
CVE Addressed  Product Affected Version Updated Version Link to Update
CVE-2022-33936 Cloud Mobility for Dell Storage 1.3.0 1.3.1 Amazon Marketplace: Cloud Mobility for Dell Storage This hyperlink is taking you to a website outside of Dell Technologies.
Or
VMware Marketplace This hyperlink is taking you to a website outside of Dell Technologies.

Solutions de contournement et mesures d’atténuation des risques

We now reject any patterns in the restore tar file that start with an absolute path or contain .. anywhere in the file path.

Historique des révisions

RevisionDateDescription
1.02022-07-06Initial release 

Informations connexes

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Informations légales

Propriétés de l’article

Produit concerné

Product Security Information

Dernière date de publication

20 juin 2023

Version

2

Type d’article

Dell Security Advisory

Haut de la page