Lucene search

[email protected]NVD:CVE-2022-45099

HistoryFeb 01, 2023 - 6:15 a.m.

CVE-2022-45099

2023-02-0106:15:08

CWE-261

CWE-276

[email protected]

web.nvd.nist.gov

dell powerscale

onefs

ndmp

password

weak encoding

vulnerability

system compromise

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise

Affected configurations

NVD

Node

dellemc_powerscale_onefsRange9.1.0.0–9.1.0.24

dellemc_powerscale_onefsRange9.2.1.0–9.2.1.18

dellemc_powerscale_onefsRange9.3.0.0–9.3.0.7

dellemc_powerscale_onefsRange9.4.0.0–9.4.0.9

References

www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2022-45099

cve1 cnvd1 prion1 cvelist1