Information Disclosure Vulnerability in Dell Storage Integration Tools and VMware Products
CVE-2023-39250

7.8HIGH

Key Information:

Vendor: Dell
Status: Dell Storage Integration Tools For Vmware (dsitv), Dell Storage Vsphere Client Plugin (dsvcp), Replay Manager For Vmware (rmsv)
Vendor: CVE Published:; 16 August 2023

What is CVE-2023-39250?

Dell Storage Integration Tools for VMware and related products were found to have an information disclosure vulnerability. This weakness could be exploited by a local low-privileged attacker to access sensitive information, including encryption keys. Unauthorized retrieval of such keys could facilitate further malicious activities, posing a significant risk to the security of affected systems.

Affected Version(s)

Dell Storage Integration Tools for VMware (DSITV), Dell Storage vSphere Client Plugin (DSVCP), Replay Manager for VMware (RMSV) Versions prior to 6.1.1, Versions prior to 3.1.2

References

https://www.dell.com/support/kbdoc/en-us/000216615/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2023
Vulnerability Reserved
Jul 26, 2023

JSON