Lucene search

DellCVELIST:CVE-2022-34453

HistoryAug 03, 2023 - 12:50 p.m.

CVE-2022-34453

2023-08-0312:50:15

CWE-284

dell

www.cve.org

dell xtremio x2 xms

access control

vulnerability

qos policies

remote user

exploit

read only

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.4%

JSON

Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "XtremIO X2 ",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "All releases prior to 6.4.1-11"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000204809/dsa-2022-290-dell-xtremio-x2-security-advisory-for-xms-gui?lang=en

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.4%

JSON

Related for CVELIST:CVE-2022-34453