
Article Number: 000153612


DSA-2020-118: Dell EMC VxRail Appliance Security Update for Third Party Component Vulnerability in VMware ESXi

Summary: Dell EMC VxRail Appliances may be impacted by a Stored Cross-Site Scripting (XSS) vulnerability (CVE-2020-3955) in ESXi that may be exploited to compromise the affected systems.

Article Content


Impact

Critical

Details


  • Stored Cross-Site Scripting (XSS) Vulnerability

CVE-2020-3955: CVSS base score 9.8 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)

VMware ESXi Host Client does not properly neutralize script-related HTML when viewing virtual machines. A malicious user with access to modify the system properties of a virtual machine (such as changing the hostname of the virtual machine from inside the guest) may be able to inject malicious script into the ESXi Host Client which may be executed when the UI displays these properties.


Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Affected products:   

  • Dell EMC VxRail Appliance versions prior to 4.5.420

  • Dell EMC VxRail Appliance versions prior to 4.7.510


Remediation:
Dell EMC recommends VxRail 4.5.x users upgrade to version 4.5.420 at the earliest opportunity.

For VxRail 4.7.x users, a version to address this issue is expected shortly. Check back on this article for the expected update.

VxRail 4.5.420 Release notes:   
https://support.emc.com/docu86659_VxRail-Appliance-Software-4.5.x-Release-Notes.pdf?language=en_US

VxRail 4.5.420 Download:    
https://dl.dell.com/downloads/DL96918_VxRail-4.5.420-Composite-Upgrade-Package-for-4.5.x.zip
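
To triage a fleet against the affected-version list above, the following added example (not Dell EMC code) classifies VxRail version strings per release train. The inventory names, the optional `-<build>` suffix format, and the handling of trains other than 4.5.x and 4.7.x are assumptions.

```python
import re

# Per-train fixed builds, from the advisory's "Affected products" list.
FIXED = {(4, 5): (4, 5, 420), (4, 7): (4, 7, 510)}
# Remediation per train, paraphrasing the advisory text.
ACTION = {
    (4, 5): "upgrade to 4.5.420",
    (4, 7): "no fixed 4.7.x download linked yet; recheck DSA-2020-118",
}

def parse_version(text):
    """Return (major, minor, patch) or None. The optional '-<build>' suffix
    is an assumed inventory format and is ignored for comparison."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:-\d+)?\s*", text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def triage(version_text):
    """Classify one appliance version as (status, action)."""
    ver = parse_version(version_text)
    if ver is None:
        return ("unknown", "version string not parseable; verify manually")
    train = ver[:2]
    if train not in FIXED:
        # Assumption: the advisory gives remediation only for 4.5.x and 4.7.x,
        # so other trains are flagged for manual review rather than guessed.
        return ("not-listed", "train not covered by remediation text; review")
    # Integer tuple comparison, so 4.5.99 sorts below 4.5.420 (a string
    # comparison would get this wrong).
    if ver < FIXED[train]:
        return ("affected", ACTION[train])
    return ("fixed", "none")

def triage_inventory(inventory):
    """Map {name: version} to a list of (name, status, action), affected first."""
    order = {"affected": 0, "unknown": 1, "not-listed": 2, "fixed": 3}
    rows = [(name, *triage(ver)) for name, ver in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[1]], r[0]))

# Constructed sample inventory (hypothetical cluster names and builds).
SAMPLE = {
    "cluster-a": "4.5.314", "cluster-b": "4.5.420",
    "cluster-c": "4.7.410-26262335", "cluster-d": "4.7.510",
    "cluster-e": "7.0.010", "cluster-f": "n/a",
}

if __name__ == "__main__":
    for name, status, action in triage_inventory(SAMPLE):
        print(f"{name:10} {status:11} {action}")
```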






Article Properties


Affected Product: VxRail Appliance Family, VxRail Appliance Series, VxRail G Series Nodes, VxRail D560F, VxRail E Series Nodes, VxRail E460, VxRail E560, VxRail E560F, VxRail E665F, VxRail E665N, VxRail G560F, VxRail P Series Nodes, VxRail P470, VxRail P570, VxRail P580N, VxRail P675F, VxRail S Series Nodes, VxRail S470, VxRail S570, VxRail V Series Nodes, VxRail V570F ...

Last Published Date: 19 Nov 2021

Version: 5

Article Type: Dell Security Advisory