Lucene search

DellCVELIST:CVE-2022-45095

HistoryFeb 01, 2023 - 4:45 a.m.

CVE-2022-45095

2023-02-0104:45:08

CWE-77

dell

www.cve.org

dell powerscale onefs

command injection

authenticated user

local shell

privilege

gather logs

cluster

exploit

arbitrary commands

denial of service

information disclosure

data deletion

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.0%

JSON

Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data deletion.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerScale OneFS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "9.4.x",
        "status": "affected",
        "version": "8.2.x",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2022-45095