PT-2023-6517 · Dell · Dell Storage Vsphere Client Plugin+2
Tom Pohl
·
Published
2023-08-16
·
Updated
2023-11-03
·
CVE-2023-39250
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Dell Storage Integration Tools for VMware (DSITV) versions prior to 6.1.1
Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1
Replay Manager for VMware (RMSV) versions prior to 3.1.2
Description
The issue is related to an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.
Recommendations
For Dell Storage Integration Tools for VMware (DSITV) versions prior to 6.1.1, update to version 6.1.1 or later.
For Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1, update to version 6.1.1 or later.
For Replay Manager for VMware (RMSV) versions prior to 3.1.2, update to version 3.1.2 or later.
As a temporary workaround, consider restricting access to sensitive data and monitoring system access to minimize the risk of exploitation.
Fix
Exposure of Resource to Wrong Sphere
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dell Storage Integration Tools For Vmware
Dell Storage Vsphere Client Plugin
Replay Manager For Vmware