Lucene search
DellCVELIST:CVE-2022-22560HistoryApr 12, 2022 - 5:50 p.m.
CVE-2022-22560
2022-04-1217:50:44
CWE-798
dell
www.cve.org
4
dell emc powerscale
onefs
hard coded credentials
unauthorized login
switch takeover
CVSS3
7.1
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS
0
Percentile
5.1%
Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline.
CNA Affected
[
{
"product": "PowerScale OneFS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "8.1.x-9.2.1.x"
}
]
}
]References
Related
cve
cve
CVE-2022-22560
2022-04-12 18:15:08
prion
prion
Hardcoded credentials
2022-04-12 18:15:00
nvd
nvd
CVE-2022-22560
2022-04-12 18:15:08
CVSS3
7.1
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS
0
Percentile
5.1%
Related for CVELIST:CVE-2022-22560