DSA-2023-282: Security Update for Dell Storage Integration Tools for VMWare (DSITV), Dell Storage vSphere Client Plugin (DSVCP), and Replay Manager for VMware (RMSV) Information Disclosure Vulnerability

詳細記事

影響

詳細

影響を受ける製品と修復

回避策と緩和策

変更履歴

確認

概要: Dell Storage Integration Tools for VMWare (DSITV), Dell Storage vSphere Client Plugin (DSVCP), and Replay Manager for VMware (RMSV) remediation is available for an information disclosure vulnerability that could be exploited by malicious users to compromise the affected system. ...

この記事は次に適用されます：この記事は次には適用されません：この記事は、特定の製品に関連付けられていません。すべての製品パージョンがこの記事に記載されているわけではありません。

他のリソースを確認する

影響

High

詳細

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2023-39250	Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2023-39250	Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

デル・テクノロジーズでは、すべてのお客様に対して、CVSSベーススコアに加えて、特定のセキュリティの脆弱性に付随する潜在的な重要度に影響する可能性のある現状スコアや環境スコアも考慮することをお勧めしています。

影響を受ける製品と修復

Product	Software/Firmware	Affected Versions	Remediated Versions	Link
Dell Storage Integration Tools for VMware (DSITV)	VMware	Versions prior to 6.1.1	Version 6.1.1	Drivers and Downloads
Dell Storage vSphere Client Plugin (DSVCP)	VMware	Versions prior to 6.1.1	Version 6.1.1	Drivers and Downloads
Replay Manager for VMware (RMSV)	VMware	Versions prior to 3.1.2	Version 3.1.2	Drivers and Downloads

Product	Software/Firmware	Affected Versions	Remediated Versions	Link
Dell Storage Integration Tools for VMware (DSITV)	VMware	Versions prior to 6.1.1	Version 6.1.1	Drivers and Downloads
Dell Storage vSphere Client Plugin (DSVCP)	VMware	Versions prior to 6.1.1	Version 6.1.1	Drivers and Downloads
Replay Manager for VMware (RMSV)	VMware	Versions prior to 3.1.2	Version 3.1.2	Drivers and Downloads

NOTE: Please note that Dell Storage Integration Tools for VMware (DSITV), Dell Storage vSphere Client Plugin (DSVCP), and Replay Manager for VMware (RMSV) are included as part of the same download.

回避策と緩和策

CVE ID	Workaround and Mitigation
CVE-2023-39250	Please follow the instructions in the Dell Storage Integration Tools for VMWare Version 6.0 Administrator’s Guide to changethe default root password of all current and new appliances using Compellent DSITV Update the password to the VMware vCenter. Do not create additional DSITV users; if additional users have already been created, remove those users Do not change file/folder permission levels for DSITV; ensure that “/opt/dellcompellent” requires root level to access

CVE ID

Workaround and Mitigation

CVE-2023-39250

Please follow the instructions in the Dell Storage Integration Tools for VMWare Version 6.0 Administrator’s Guide to changethe default root password of all current and new appliances using Compellent DSITV
Update the password to the VMware vCenter.
Do not create additional DSITV users; if additional users have already been created, remove those users
Do not change file/folder permission levels for DSITV; ensure that “/opt/dellcompellent” requires root level to access

変更履歴

Revision	Date	Description
1.0	2023-08-11	Initial Release
1.1	2023-08-14	Updated “Workarounds and Mitigations” section
2.0	2023-10-09	Full Release
3.0	2023-10-10	Updated for clarity

確認

Dell Technologies would like to thank Tom Pohl for reporting this issue.

法的免責事項

対象製品

Dell Compellent SC4020, Dell Storage SC8000, Dell Compellent Series 40, Dell Storage SCv2000, Dell Storage SCv2020, Dell Storage SCv2080, Dell Storage SC5020, Dell Storage SC5020F, Dell Storage SC7020, Dell Storage SC7020F, Dell Storage SC9000 , Dell Storage SCv3000, Dell Storage SCv3020 ...

文書番号: 000216615

文書の種類: Dell Security Advisory

最終更新: 10 10月 2023

お使いのデバイスがサポートサービスの対象かどうかを確認してください。

DSA-2023-282: Security Update for Dell Storage Integration Tools for VMWare (DSITV), Dell Storage vSphere Client Plugin (DSVCP), and Replay Manager for VMware (RMSV) Information Disclosure Vulnerability

概要: Dell Storage Integration Tools for VMWare (DSITV), Dell Storage vSphere Client Plugin (DSVCP), and Replay Manager for VMware (RMSV) remediation is available for an information disclosure vulnerability that could be exploited by malicious users to compromise the affected system. ...

影響

詳細

影響を受ける製品と修復

回避策と緩和策

変更履歴

確認

関連情報

法的免責事項

対象製品

文書のプロパティ

質問に対する他のDellユーザーからの回答を見つける

サポートサービス

文書のプロパティ

質問に対する他のDellユーザーからの回答を見つける

サポートサービス

DSA-2023-282: Security Update for Dell Storage Integration Tools for VMWare (DSITV), Dell Storage vSphere Client Plugin (DSVCP), and Replay Manager for VMware (RMSV) Information Disclosure Vulnerability

詳細記事

影響

詳細

影響を受ける製品と修復

回避策と緩和策

変更履歴

確認

関連情報

法的免責事項

対象製品

影響

詳細

影響を受ける製品と修復

回避策と緩和策

変更履歴

確認

関連情報

法的免責事項

対象製品

文書のプロパティ

質問に対する他のDellユーザーからの回答を見つける

サポート サービス

文書のプロパティ

質問に対する他のDellユーザーからの回答を見つける

サポート サービス

サポートサービス

サポートサービス