CVE-2022-33936 Cloud Mobility for Dell EMC Storage Security Update for a Path Traversal/RCE Vulnerability (7th July 2022)

Preface: NVM Express is highly optimized for memory-based storage. There are many distinct benefits associated with NVM Express. It significantly improves sequential and random performance thanks to a reduction in latency. It is capable of accessing more data per CPU cycle.

Background: The Dell EMC PowerMax family is the first Dell EMC hardware platform that uses an end-to-end Non-Volatile Memory Express (NVMe) architecture for customer data.

Cloud Mobility for Dell EMC PowerMax is configured within an embedded guest running on the PowerMaxOS hypervisor. Management of Cloud Mobility is performed using the Embedded Management (eManagement) Unisphere for PowerMax. Communication between the embedded Unisphere and Cloud Mobility is through REST API over a PowerMax internal private network connection.

Example:
The most recent PowerMax REST documentation can be found by going to your embedded management instance of Unisphere for PowerMax at:
https://{ip-address|hostname}:8443/univmax/restapi/docs

Vulnerability details: Cloud Mobility for Dell EMC Storage 1.3.0.XXX contains an RCE vulnerability. A non-privileged user could potentially exploit this vulnerability to obtain a root shell. This is a critical issue, so Dell recommends that customers upgrade at the earliest opportunity.

For official announcement details, please refer to the link – https://www.dell.com/support/kbdoc/zh-hk/000201258/dsa-2022-182-cloud-mobility-for-dell-emc-storage-security-update-for-a-path-traversal-rce-vulnerability
