Lucene search

[email protected]CVE-2022-46756

HistoryFeb 01, 2023 - 6:15 a.m.

CVE-2022-46756

2023-02-0106:15:09

CWE-668

[email protected]

web.nvd.nist.gov

cve-2022-46756

dell

vxrail

container escape vulnerability

os commands

system takeover

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container’s underlying OS. Exploitation may lead to a system take over by an attacker.

Affected configurations

NVD

Node

dellvxrail_managerRange<7.0.410vmware_vcenter

CPENameOperatorVersion
dell:vxrail_managerdell vxrail managerlt7.0.410

CPE	Name	Operator	Version
dell:vxrail_manager	dell vxrail manager	lt	7.0.410

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "VxRail HCI",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "7.0.410",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/000206943

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-46756

cvelist1 nvd1 prion1