1 Rookie
•
3 Posts
0
209
August 13th, 2025 10:47
Controlvault3 vulnerability - XML file & updating the version of the driver
Hi,
I have several Dell laptops that are affected by the recent vulnerability in ControlVault3.
I managed to push out the latest version of the driver (downloaded from the Dell website) using our RMM solution, however to install it I had to extract the .exe from the packaged .exe that included the mup.xml & package.xml. Our RMM solution would unfortunately not push out the fully packaged .exe with the XML files included.
As a consequence, the driver is updated to 5.15.10.14 but the version of the driver in device manager & the cvusbdrv.sys file in "C:\WINDOWS\system32\Drivers\" is still reporting as 5.15.9.9.
Does anyone know how I could possibly update the driver with the correct version?
I found an entry in the registry under "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{09e9a11d-ccb2-45ae-9be8-65c263e60491}\0000" but it doesn't appear to read from here.
Any guidance would be much appreciated.
Thanks,
Matthew.
JollyBoyJohn
1 Rookie
•
3 Posts
0
August 13th, 2025 12:51
Answered my own question. Apparently it's fine for the driver to show as 5.15.9.9 in the driver details, as long as the versioning shows as "5.15.7.0". Hope this helps someone.
https://www.dell.com/support/kbdoc/en-uk/000353975/how-to-determine-my-system-has-the-right-firmware-driver-for-controlvault
SMcGann
1 Rookie
•
1 Message
0
August 13th, 2025 15:09
It's not fine when vulnerability scanning shows the version 5.15.9.9 instead of the version needed to show that the vulnerability is resolved. Any ideas on how to get this resolved?
JollyBoyJohn
1 Rookie
•
3 Posts
0
August 13th, 2025 15:16
@SMcGann Yes you're right, that is still a problem. I'm not sure if that's something the vuln scanning vendors will need to update from their end, to check the versioning rather than the cvusbdrv.sys file.