Lucene search

DellCVELIST:CVE-2022-31228

HistoryOct 12, 2022 - 7:25 p.m.

CVE-2022-31228

2022-10-1219:25:32

CWE-307

dell

www.cve.org

dell emc xtremio

x2 6.4.0-22

bruteforce vulnerability

remote unauthenticated attacker

admin account access

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

73.0%

JSON

Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account.

CNA Affected

[
  {
    "vendor": "Dell",
    "product": "XtremIO",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "6.4.0-22",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000204112/dsa-2022-145-dell-emc-xtremeio-for-ssh-and-web-ui-vulnerability

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

73.0%

JSON

Related for CVELIST:CVE-2022-31228