Problem

When used under a particular non-standard way a potential security vulnerability has been identified in the Dell One Privileged Session and Password Manager solutions. The purpose of this notification is to pro-actively alert and eliminate any such exposure for our customers.

Description

The vulnerability identified relates to a seldom used component of the underlying operating system, which if not effectively disabled, could be utilized to gain unaudited but restricted access to the appliance file system. To date this has not been demonstrated to permit access to the highly-protected sensitive information stored in the appliance, but in theory could be used to damage some capabilities of the application. For this reason Dell Software have provided an immediate fix to address and remove this potential exposure. It is worth noting that the ability to exploit this vulnerability would require access to the console of the appliance, something which is typically highly restricted across personnel within any organization. Dell Software recommends adhering to the security best practices of establishing tightly controlled physical access to the appliance, and to protect or prohibit network access through the Dell Remote Access Controller.