SB2022080311 - Multiple vulnerabilities in Dell VxRail Appliance
Published: August 3, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 12 secuirty vulnerabilities.
1) Stored cross-site scripting (CVE-ID: CVE-2020-3953)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Log Insight UI. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
This vulnerability affects the following versions: 8.0.0, 4.x.y
2) Open redirect (CVE-ID: CVE-2020-3954)
The vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
This vulnerability affects the following versions: 8.0.0, 4.x.y
3) Information disclosure (CVE-ID: CVE-2020-0527)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to insufficient control flow management. A local administrator can gain unauthorized access to sensitive information on the system.
4) Path traversal (CVE-ID: CVE-2020-5366)
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote authenticated user can send a specially crafted HTTP request and read arbitrary files on the system.
5) Stack-based buffer overflow (CVE-ID: CVE-2020-5344)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote unauthenticated attacker can send a specially crafted input data, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Incorrect handling of environment files (CVE-ID: CVE-2015-8325)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists in portable version of OpenSSH. A local user can execute arbitrary code as root by setting specially crafted environment variables to conduct attacks against the 'bin/login' process on systems, where PAM is configured to read user-specified environment variables and 'sshd_config' is set to 'UseLogin=yes'.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Input validation error (CVE-ID: CVE-2016-3115)
The vulnerability allows a remote authenticated user to read and manipulate data.
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. <a href="https://cwe.mitre.org/data/definitions/93.html">CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a>
8) Information disclosure (CVE-ID: CVE-2018-12127)
The vulnerability allows a local authenticated user to gain access to sensitive information.
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
9) Information disclosure (CVE-ID: CVE-2018-12126)
The vulnerability allows a local authenticated user to gain access to sensitive information.
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
10) Information disclosure (CVE-ID: CVE-2018-12130)
The vulnerability allows a local authenticated user to gain access to sensitive information.
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
11) Information disclosure (CVE-ID: CVE-2019-11091)
The vulnerability allows a local authenticated user to gain access to sensitive information.
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
12) Improper Authentication (CVE-ID: CVE-2020-3976)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
Remediation
Install update from vendor's website.