Lucene search

DellCVELIST:CVE-2022-29089

HistorySep 01, 2022 - 12:00 a.m.

CVE-2022-29089

2022-09-0100:00:00

CWE-522

dell

www.cve.org

cve-2022-29089

dell networking os10

information disclosure

smart fabric services

remote attacker

unauthenticated

reverse engineering

sensitive information

rest api

admin privileges

6.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.6%

JSON

Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges.

CNA Affected

[
  {
    "product": "Dell Networking OS10",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "10.5.3.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000202971/dsa-2022-135-dell-emc-smartfabric-os10-security-update-for-multiple-security-vulnerabilities

6.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.6%

JSON

Related for CVELIST:CVE-2022-29089