DSA-2022-108: PowerPath and PowerPath Management Appliance Security Update for OpenSSL Vulnerability

Summary: PowerPath Management Appliance contains remediation for OpenSSL vulnerability that may be exploited by malicious users to compromise the affected system. PowerPath Linux remediation is available for OpenSSL Vulnerability with an updated Security Configuration Guide (SCG) informing the customers to update OpenSSL package on the host system. For PowerPath Windows, OpenSSL_Configuration Utility contains remediation for OpenSSL vulnerability that may be exploited by malicious users to compromise the affected system. OpenSSL is used for communication between PowerPath Windows host and Management server. OpenSSL is not bundled in PowerPath Windows package. However, separate compiled OpenSSL libraries are provided to customers through Dell download site along with an installation script so that customers can install them separately. As a remediation, PowerPath engineering is updating the download site with the latest OpenSSL libraries. ...

Bu makale şunlar için geçerlidir: Bu makale şunlar için geçerli değildir: Bu makale, belirli bir ürüne bağlı değildir. Bu makalede tüm ürün sürümleri tanımlanmamıştır.
Diğer kaynaklara göz atın

Impact

High

Details

Third-party Component CVE More information
Third-party Component CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://www.openssl.org/news/secadv/20220315.txt
 
 
Third-party Component CVE More information
Third-party Component CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778
https://www.openssl.org/news/secadv/20220315.txt
 
 
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Etkilenen Ürünler ve Düzeltme

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-0778 PowerPath Management Appliance 3.0
3.0 P01
3.1
3.2
3.2 P01
3.2 SP1		 PPMA 3.3 or later version for each https://www.dell.com/support/home/product-support/product/powerpath-management-appliance/drivers
CVE-2022-0778 PowerPath Linux 7.4
PowerPath Linux does not package openssl from past many versions. It uses the openssl packages available on the OS and hence SCG has been released with Open SSL upgrade instructions
https://dl.dell.com/content/manual49528625-powerpath-for-linux-security-configuration-guide.pdf?language=en-us&ps=true
CVE-2022-0778 PowerPath Windows
 		 7.0
 		 OpenSSL libraries are not shipped with PowerPath Windows packages, hence not impacted, however for the benefit of customers a separate OpenSSL tools package is posted to Dell download site, where customers can download and install. OpenSSL tools package has the latest version 1.1.1n

 		 https://dl.dell.com/downloads/DL99599_OpenSSL-Configuration-Utility-3.0.zip

 


Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-0778 PowerPath Management Appliance 3.0
3.0 P01
3.1
3.2
3.2 P01
3.2 SP1		 PPMA 3.3 or later version for each https://www.dell.com/support/home/product-support/product/powerpath-management-appliance/drivers
CVE-2022-0778 PowerPath Linux 7.4
PowerPath Linux does not package openssl from past many versions. It uses the openssl packages available on the OS and hence SCG has been released with Open SSL upgrade instructions
https://dl.dell.com/content/manual49528625-powerpath-for-linux-security-configuration-guide.pdf?language=en-us&ps=true
CVE-2022-0778 PowerPath Windows
 		 7.0
 		 OpenSSL libraries are not shipped with PowerPath Windows packages, hence not impacted, however for the benefit of customers a separate OpenSSL tools package is posted to Dell download site, where customers can download and install. OpenSSL tools package has the latest version 1.1.1n

 		 https://dl.dell.com/downloads/DL99599_OpenSSL-Configuration-Utility-3.0.zip

 


Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Geçici Çözümler ve Risk Azaltma

For PowerPath Management Appliance, see Dell Security KB article 198690: Security Vulnerability (CVE-2022-0778) Detected Against OpenSSL in PowerPath Management Appliance Versions 3.0.x, 3.1, and 3.2.x

For PowerPath Linux, customer must update the OpenSSL package on the host system. PowerPath Linux Security Configuration Guide (SCG) 2.0 is updated for OpenSSL dependency in host system.

For PowerPath Windows, OpenSSL_Configuration Utility 3.0. OpenSSL libraries are provided to customers through the Dell download site along with an installation script so that customers can install them separately.

Revision History

RevisionDateDescription
1.02022-04-25Initial Release
1.12022-09-23Update to 'Updated versions' and 'Link Update'. 
1.22022-09-27Update to Updated versions' and 'Link Update' and removed impact for 6.4 and 6.5 for PowerPath Windows as they are out of support now. 

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Yasal Uyarı

Etkilenen Ürünler

PowerPath for Linux, PowerPath for Windows, Product Security Information

Ürünler

PowerPath/VE for VMware
Makale Özellikleri
Article Number: 000198826
Article Type: Dell Security Advisory
Son Değiştirme: 21 Kas 2025
Sorularınıza diğer Dell kullanıcılarından yanıtlar bulun
Destek Hizmetleri
Aygıtınızın Destek Hizmetleri kapsamında olup olmadığını kontrol edin.