DSA-2022-108: PowerPath and PowerPath Management Appliance Security Update for OpenSSL Vulnerability

Riepilogo: PowerPath Management Appliance contains remediation for OpenSSL vulnerability that may be exploited by malicious users to compromise the affected system. PowerPath Linux remediation is available for OpenSSL Vulnerability with an updated Security Configuration Guide (SCG) informing the customers to update OpenSSL package on the host system. For PowerPath Windows, OpenSSL_Configuration Utility contains remediation for OpenSSL vulnerability that may be exploited by malicious users to compromise the affected system. OpenSSL is used for communication between PowerPath Windows host and Management server. OpenSSL is not bundled in PowerPath Windows package. However, separate compiled OpenSSL libraries are provided to customers through Dell download site along with an installation script so that customers can install them separately. As a remediation, PowerPath engineering is updating the download site with the latest OpenSSL libraries. ...

Questo articolo si applica a Questo articolo non si applica a Questo articolo non è legato a un prodotto specifico. Non tutte le versioni del prodotto sono identificate in questo articolo.
Scopri le altre risorse

Impatto

High

Dettagli

Third-party Component CVE More information
Third-party Component CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://www.openssl.org/news/secadv/20220315.txt
 
 
Third-party Component CVE More information
Third-party Component CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://www.openssl.org/news/secadv/20220315.txt
 
 
Dell Technologies raccomanda a tutti i clienti di prendere in considerazione sia il punteggio base CVSS, sia ogni eventuale punteggio temporale o ambientale che possa avere effetti sul livello di gravità potenziale associato a una specifica vulnerabilità di sicurezza.

Prodotti interessati e correzione

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-0778 PowerPath Management Appliance 3.0
3.0 P01
3.1
3.2
3.2 P01
3.2 SP1		 PPMA 3.3 or later version for each https://www.dell.com/support/home/product-support/product/powerpath-management-appliance/drivers
CVE-2022-0778 PowerPath Linux 7.4
PowerPath Linux does not package openssl from past many versions. It uses the openssl packages available on the OS and hence SCG has been released with Open SSL upgrade instructions
https://dl.dell.com/content/manual49528625-powerpath-for-linux-security-configuration-guide.pdf?language=en-us&ps=true
CVE-2022-0778 PowerPath Windows
 		 7.0
 		 OpenSSL libraries are not shipped with PowerPath Windows packages, hence not impacted, however for the benefit of customers a separate OpenSSL tools package is posted to Dell download site, where customers can download and install. OpenSSL tools package has the latest version 1.1.1n

 		 https://dl.dell.com/downloads/DL99599_OpenSSL-Configuration-Utility-3.0.zip

 


Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-0778 PowerPath Management Appliance 3.0
3.0 P01
3.1
3.2
3.2 P01
3.2 SP1		 PPMA 3.3 or later version for each https://www.dell.com/support/home/product-support/product/powerpath-management-appliance/drivers
CVE-2022-0778 PowerPath Linux 7.4
PowerPath Linux does not package openssl from past many versions. It uses the openssl packages available on the OS and hence SCG has been released with Open SSL upgrade instructions
https://dl.dell.com/content/manual49528625-powerpath-for-linux-security-configuration-guide.pdf?language=en-us&ps=true
CVE-2022-0778 PowerPath Windows
 		 7.0
 		 OpenSSL libraries are not shipped with PowerPath Windows packages, hence not impacted, however for the benefit of customers a separate OpenSSL tools package is posted to Dell download site, where customers can download and install. OpenSSL tools package has the latest version 1.1.1n

 		 https://dl.dell.com/downloads/DL99599_OpenSSL-Configuration-Utility-3.0.zip

 


Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Soluzioni alternative e mitigazioni

For PowerPath Management Appliance, see Dell Security KB article 198690: Security Vulnerability (CVE-2022-0778) Detected Against OpenSSL in PowerPath Management Appliance Versions 3.0.x, 3.1, and 3.2.x

For PowerPath Linux, customer must update the OpenSSL package on the host system. PowerPath Linux Security Configuration Guide (SCG) 2.0 is updated for OpenSSL dependency in host system.

For PowerPath Windows, OpenSSL_Configuration Utility 3.0. OpenSSL libraries are provided to customers through the Dell download site along with an installation script so that customers can install them separately.

Cronologia delle revisioni

RevisionDateDescription
1.02022-04-25Initial Release
1.12022-09-23Update to 'Updated versions' and 'Link Update'. 
1.22022-09-27Update to Updated versions' and 'Link Update' and removed impact for 6.4 and 6.5 for PowerPath Windows as they are out of support now. 

Informazioni correlate

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Dichiarazione di non responsabilità

Prodotti interessati

PowerPath for Linux, PowerPath for Windows, Product Security Information

Prodotti

PowerPath/VE for VMware
Proprietà dell'articolo
Numero articolo: 000198826
Tipo di articolo: Dell Security Advisory
Ultima modifica: 21 nov 2025
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.