Dell Encryption Enterprise Information Disclosure Vulnerability

CVE Identifier: CVE-2018-15773

Severity: Medium

Affected Products:

• Dell Encryption Enterprise
• Dell Data Protection | Encryption

Affected Versions:

• v10.0.0 and Earlier

Dell Encryption (formerly Dell Data Protection | Encryption) v10.0.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of sensitive computer files.

Not Applicable

The following Dell Encryption Enterprise release contains a resolution to this vulnerability:

• Dell Encryption v10.1.0 and later

Dell Technologies recommends all customers upgrade at the earliest opportunity.

Link to remedies:

Customers can download the latest Dell Encryption software from:

https://www.dell.com/support/home/product-support/product/dell-data-protection-encryption/drivers

Dell Endpoint Security Suite Enterprise software is made available to customers on their ddpe.credant.com account, or it can be obtained through Dell ProSupport.

Credit:

Dell would like to thank Jan van der Put and Harm Blankers of REQON Security for reporting this vulnerability.

Dell Technologies recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information provided as is without warranty of any kind. Dell disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title, and noninfringement. In no event shall Dell or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.