DSA-2022-182: Cloud Mobility for Dell Storage Security Update for a Path Traversal RCE Vulnerability

摘要: Cloud Mobility for Dell Storage remediation is available for a path traversal RCE vulnerability that may be exploited by malicious users to compromise the affected system.

本文章適用於 本文章不適用於 本文無關於任何特定產品。 本文未識別所有產品版本。
查看其他資源

影響

High

詳細資料

Cloud Mobility for Dell Storage 1.3.0 contains an RCE vulnerability. A nonprivileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a high severity issue; so Dell Technologies recommends customers to upgrade at the earliest opportunity.

Proprietary Code CVE Description CVSS Base Score CVSS Vector
CVE-2022-33936 Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains a path traversal in the backup mechanism for the vApp. Any basic user may purposefully or accidentally exploit this vulnerability, leading to RCE with full take over of the system. 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.

 

Cloud Mobility for Dell Storage 1.3.0 contains an RCE vulnerability. A nonprivileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a high severity issue; so Dell Technologies recommends customers to upgrade at the earliest opportunity.

Proprietary Code CVE Description CVSS Base Score CVSS Vector
CVE-2022-33936 Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains a path traversal in the backup mechanism for the vApp. Any basic user may purposefully or accidentally exploit this vulnerability, leading to RCE with full take over of the system. 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies 建議所有客戶不僅要參考 CVSS 基本分數,也要將可能會影響與特定安全漏洞相關之潛在嚴重性的所有相關暫時和環境分數納入考量。

受影響的產品與補救措施

 
CVE Addressed  Product Affected Version Updated Version Link to Update
CVE-2022-33936 Cloud Mobility for Dell Storage 1.3.0 1.3.1 Amazon Marketplace: Cloud Mobility for Dell Storage This hyperlink is taking you to a website outside of Dell Technologies.
Or
VMware Marketplace This hyperlink is taking you to a website outside of Dell Technologies.
 
CVE Addressed  Product Affected Version Updated Version Link to Update
CVE-2022-33936 Cloud Mobility for Dell Storage 1.3.0 1.3.1 Amazon Marketplace: Cloud Mobility for Dell Storage This hyperlink is taking you to a website outside of Dell Technologies.
Or
VMware Marketplace This hyperlink is taking you to a website outside of Dell Technologies.

因應措施與緩解措施

We now reject any patterns in the restore tar file that start with an absolute path or contain .. anywhere in the file path.

修訂歷史記錄

RevisionDateDescription
1.02022-07-06Initial release 

相關資訊

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法律免責聲明

受影響的產品

Product Security Information
文章屬性
文章編號: 000201258
文章類型: Dell Security Advisory
上次修改時間: 20 6月 2023
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。