-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 DSA-2018-156: Dell EMC VPLEX Insecure File Permissions vulnerability on Witness Dell EMC Identifier: DSA-2018-156 CVE Identifier: CVE-2018-11078 Severity: Medium Severity Rating: CVSS v3 Base Score: 4.0 (AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N) Affected products: Only Witness DELL EMC VPlex Software: GeoSynchrony all 5.4 versions DELL EMC VPlex Software: GeoSynchrony all 5.5 versions DELL EMC VPlex Software: GeoSynchrony all 6.0 versions Summary: VPlex Witness contains a fix for an Insecure File Permissions vulnerability that could potentially be exploited by malicious users to compromise the affected system. Details: Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic. Resolution: The following Dell EMC VPlex release contains resolutions to these vulnerabilities: * Dell EMC VPlex GeoSynchrony version 6.1 Dell EMC recommends all customers upgrade at the earliest opportunity. Link to remedies: Please contact your local field representative to assist with the planning for the VPLEX upgrade which requires a Change Control Authorization (CCA). -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAluSaocACgkQgSlofD2Y i6c7rxAAo2FBxnrffBEhFs+yysuesMxd8f1Qep+C3GDtH759hcFSmiRCg3CDDWNs 2yniNrQLwNBtM/9qh0NX4x63HxOVVOsC0a2g+oPMHQjN6W+1Ql0eBFkFoFwCQpIZ +67znLrXaF4BMZJEF7nr9EZRkb/bUaR+mj7T1ih3dWKp+4jzNwqN/Cd+UL1QsqmE C2Now1sQjzkH0RlTq4dp4Y4WpiuYpO1cF7yAlqNmxHhkQZjx9BKWZ+1gBVpAr1Ge EeLkzcwtpayzM4XryZCvZjt2qA+GTxW/mRYOen62pKcWHjsNyALwqVWNshx2l27r run8/tUVuD998Bzc6P6QyUkokY73cBgvGa7Ca5SAmlxTHra9kenaF/IOQfp1tzQK mPW1esNalXP+HRRWIAFCC10F+H492OKsA4vUmJmks0oHQnLOTuzzQXCZWNh9zrLG T3jW4d58NKV9oml/+9a7czOMsTHvNzd+powS6C7KZLo4ltwuynP1Akgtwj1Calvj HRRRAhJEsG2w1AcfEB0SCr/JDP39S49nWgNWlhESjoPPyuWac9mH71EHQiIgPM+u GBk14E3RCbxP136zxOgYibDI8Z3w+yWkTs2x4dYCsVB1igocSdzwZJxUrsUAv/B8 nMKoYU+zx/jsC3WEopu4hO361t/w368VAmPLZP6x29wFqUS9K2o= =+3mo -----END PGP SIGNATURE-----