DSA-2023-282: Security Update for Dell Storage Integration Tools for VMWare (DSITV), Dell Storage vSphere Client Plugin (DSVCP), and Replay Manager for VMware (RMSV) Information Disclosure Vulnerability

詳細文章

影響

詳細資料

受影響的產品與補救措施

因應措施與緩解措施

修訂歷史記錄

感謝

相關資訊

法律免責聲明

受影響的產品

提供意見反應

摘要: Dell Storage Integration Tools for VMWare (DSITV), Dell Storage vSphere Client Plugin (DSVCP), and Replay Manager for VMware (RMSV) remediation is available for an information disclosure vulnerability that could be exploited by malicious users to compromise the affected system. ...

本文章適用於本文章不適用於

查看關於以下產品的資源

影響

High

詳細資料

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2023-39250	Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2023-39250	Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Dell Technologies 建議所有客戶不僅要參考 CVSS 基本分數，也要將可能會影響與特定安全漏洞相關之潛在嚴重性的所有相關暫時和環境分數納入考量。

受影響的產品與補救措施

Product	Software/Firmware	Affected Versions	Remediated Versions	Link
Dell Storage Integration Tools for VMware (DSITV)	VMware	Versions prior to 6.1.1	Version 6.1.1	Drivers and Downloads
Dell Storage vSphere Client Plugin (DSVCP)	VMware	Versions prior to 6.1.1	Version 6.1.1	Drivers and Downloads
Replay Manager for VMware (RMSV)	VMware	Versions prior to 3.1.2	Version 3.1.2	Drivers and Downloads

Product	Software/Firmware	Affected Versions	Remediated Versions	Link
Dell Storage Integration Tools for VMware (DSITV)	VMware	Versions prior to 6.1.1	Version 6.1.1	Drivers and Downloads
Dell Storage vSphere Client Plugin (DSVCP)	VMware	Versions prior to 6.1.1	Version 6.1.1	Drivers and Downloads
Replay Manager for VMware (RMSV)	VMware	Versions prior to 3.1.2	Version 3.1.2	Drivers and Downloads

NOTE: Please note that Dell Storage Integration Tools for VMware (DSITV), Dell Storage vSphere Client Plugin (DSVCP), and Replay Manager for VMware (RMSV) are included as part of the same download.

因應措施與緩解措施

CVE ID	Workaround and Mitigation
CVE-2023-39250	Please follow the instructions in the Dell Storage Integration Tools for VMWare Version 6.0 Administrator’s Guide to changethe default root password of all current and new appliances using Compellent DSITV Update the password to the VMware vCenter. Do not create additional DSITV users; if additional users have already been created, remove those users Do not change file/folder permission levels for DSITV; ensure that “/opt/dellcompellent” requires root level to access

CVE ID

Workaround and Mitigation

CVE-2023-39250

Please follow the instructions in the Dell Storage Integration Tools for VMWare Version 6.0 Administrator’s Guide to changethe default root password of all current and new appliances using Compellent DSITV
Update the password to the VMware vCenter.
Do not create additional DSITV users; if additional users have already been created, remove those users
Do not change file/folder permission levels for DSITV; ensure that “/opt/dellcompellent” requires root level to access

修訂歷史記錄

Revision	Date	Description
1.0	2023-08-11	Initial Release
1.1	2023-08-14	Updated “Workarounds and Mitigations” section
2.0	2023-10-09	Full Release
3.0	2023-10-10	Updated for clarity

感謝

Dell Technologies would like to thank Tom Pohl for reporting this issue.

法律免責聲明

受影響的產品

Dell Compellent SC4020, Dell Storage SC8000, Dell Compellent Series 40, Dell Storage SCv2000, Dell Storage SCv2020, Dell Storage SCv2080, Dell Storage SC5020, Dell Storage SC5020F, Dell Storage SC7020, Dell Storage SC7020F, Dell Storage SC9000 , Dell Storage SCv3000, Dell Storage SCv3020 ...

DSA-2023-282: Security Update for Dell Storage Integration Tools for VMWare (DSITV), Dell Storage vSphere Client Plugin (DSVCP), and Replay Manager for VMware (RMSV) Information Disclosure Vulnerability

摘要: Dell Storage Integration Tools for VMWare (DSITV), Dell Storage vSphere Client Plugin (DSVCP), and Replay Manager for VMware (RMSV) remediation is available for an information disclosure vulnerability that could be exploited by malicious users to compromise the affected system. ...

影響

詳細資料

受影響的產品與補救措施

因應措施與緩解措施

修訂歷史記錄

感謝

相關資訊

法律免責聲明

受影響的產品

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務

歡迎

歡迎來到 Dell

DSA-2023-282: Security Update for Dell Storage Integration Tools for VMWare (DSITV), Dell Storage vSphere Client Plugin (DSVCP), and Replay Manager for VMware (RMSV) Information Disclosure Vulnerability

詳細文章

影響

詳細資料

受影響的產品與補救措施

因應措施與緩解措施

修訂歷史記錄

感謝

相關資訊

法律免責聲明

受影響的產品

影響

詳細資料

受影響的產品與補救措施

因應措施與緩解措施

修訂歷史記錄

感謝

相關資訊

法律免責聲明

受影響的產品

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務