Headline
CVE-2023-39250: DSA-2023-282: Security Update for Dell Storage Integration Tools for VMware (DSITV) Vulnerabilities
Dell Storage Integration Tools for VMware (DSITV) 06.01.00.016 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.
Vaikutus
High
Tiedot
Proprietary Code CVEs
Description
CVSS Base Score
CVSS Vector String
CVE-2023-39250
Dell Storage Integration Tools for VMware (DSITV) 06.01.00.016 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Proprietary Code CVEs
Description
CVSS Base Score
CVSS Vector String
CVE-2023-39250
Dell Storage Integration Tools for VMware (DSITV) 06.01.00.016 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.
Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen
CVEs Addressed
Product
Software/Firmware
Affected Versions
Remediated Versions
Link
CVE-2023-39250
Dell Storage Integration Tools for VMware (DSITV)
Software
06.01.00.016
Please see “Workarounds and Mitigations” in this advisory below.
N/A
CVEs Addressed
Product
Software/Firmware
Affected Versions
Remediated Versions
Link
CVE-2023-39250
Dell Storage Integration Tools for VMware (DSITV)
Software
06.01.00.016
Please see “Workarounds and Mitigations” in this advisory below.
N/A
Keinoja ongelman kiertämiseen tai lieventämiseen
CVE ID
Workaround and Mitigation
CVE-2023-39250
- Please follow the instructions in the Dell Storage Integration Tools for VMWare Version 6.0 Administrator’s Guide to changethe default root password of all current and new appliances using Compellent DSITV
- Update the password to the VMware vCenter.
- Do not create additional DSITV users; if additional users have already been created, remove those users
- Do not change file/folder permission levels for DSITV; ensure that “/opt/dellcompellent” requires root level to access
Kiitokset
Dell would like to thank Tom Pohl for reporting this issue.
Versiohistoria
Revision
Date
Description
1.0
2023-08-11
Initial Release
2.0
2023-08-15
Updated “Workarounds and Mitigations” section
Asiaan liittyvät tiedot
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Dell Compellent SC4020, Dell Storage SC8000, Dell Compellent Series 40, Dell Storage SCv2000, Dell Storage SCv2020, Dell Storage SCv2080, Dell Storage SC5020, Dell Storage SC5020F, Dell Storage SC7020, Dell Storage SC7020F, Dell Storage SC9000 , Dell Storage SCv3000, Dell Storage SCv3020 …
16 elok. 2023