Vulnerabilites related to dell - storage_vsphere_client_plugin
CVE-2023-39250 (GCVE-0-2023-39250)
Vulnerability from cvelistv5
Published
2023-08-16 15:16
Modified
2024-10-09 14:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-540 - Inclusion of Sensitive Information in Source Code
Summary
Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell Storage Integration Tools for VMware (DSITV), Dell Storage vSphere Client Plugin (DSVCP), Replay Manager for VMware (RMSV) |
Version: Versions prior to 6.1.1, Versions prior to 3.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:14:07.617546Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:14:20.478Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dell Storage Integration Tools for VMware (DSITV), Dell Storage vSphere Client Plugin (DSVCP), Replay Manager for VMware (RMSV) ",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "Versions prior to 6.1.1, Versions prior to 3.1.2 "
}
]
}
],
"datePublic": "2023-08-11T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks. \u003c/span\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "\n\n\nDell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks. \n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-540",
"description": "CWE-540: Inclusion of Sensitive Information in Source Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T05:04:02.610Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-39250",
"datePublished": "2023-08-16T15:16:03.578Z",
"dateReserved": "2023-07-26T08:13:50.421Z",
"dateUpdated": "2024-10-09T14:14:20.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-08-16 16:15
Modified
2024-11-21 08:14
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | replay_manager_for_vmware | * | |
| dell | storage_integration_tools_for_vmware | * | |
| dell | storage_vsphere_client_plugin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:replay_manager_for_vmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA180EC-3CC5-4F78-9DF9-3AA00D410C5F",
"versionEndExcluding": "3.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:storage_integration_tools_for_vmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAFD6965-A273-4B48-9E0C-EF004E04F09A",
"versionEndExcluding": "6.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:storage_vsphere_client_plugin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A073484-7F1E-4B75-8639-E5AA573714FA",
"versionEndExcluding": "6.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\n\n\nDell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks. \n\n\n\n"
},
{
"lang": "es",
"value": "Las versiones Dell Storage Integration Tools para VMware (DSITV) y Dell Storage vSphere Client Plugin (DSVCP) anteriores a la 6.1.1 y Replay Manager para las versiones VMware (RMSV) anteriores a la 3.1.2 contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Un usuario malintencionado local con pocos privilegios podr\u00eda explotar esta vulnerabilidad para recuperar una clave de cifrado que podr\u00eda ayudar en futuros ataques."
}
],
"id": "CVE-2023-39250",
"lastModified": "2024-11-21T08:14:59.560",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-16T16:15:11.217",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-540"
}
],
"source": "security_alert@emc.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}