Lucene search

[email protected]NVD:CVE-2022-22560

HistoryApr 12, 2022 - 6:15 p.m.

CVE-2022-22560

2022-04-1218:15:08

CWE-798

[email protected]

web.nvd.nist.gov

dell emc powerscale

onefs

hard coded credentials

admin user

ethernet switch

vulnerability

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline.

Affected configurations

Nvd

Node

dellemc_powerscale_onefsRange8.1.0–9.2.1.0

VendorProductVersionCPE
dellemc_powerscale_onefs*cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	emc_powerscale_onefs	*	cpe:2.3:o:dell:emc_powerscale_onefs::::::::

References

www.dell.com/support/kbdoc/000195815

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2022-22560

cve1 prion1 cvelist1