ID

VAR-202201-1843


CVE

CVE-2022-22554


TITLE

DELL EMC System Update Vulnerability regarding insufficient protection of authentication information in

Trust: 0.8

sources: JVNDB: JVNDB-2021-017992

DESCRIPTION

Dell EMC System Update, version 1.9.2 and prior, contains an Unprotected Storage of Credentials vulnerability. A local attacker with user privileges could potentially exploit this vulnerability, leading to the disclosure of user passwords. Dell EMC System Update is used to distribute Dell updates for Linux and Microsoft Windows operating systems, and updates through iDRAC and OS-to-iDRAC passthrough.

Trust: 1.8

sources: NVD: CVE-2022-22554 // JVNDB: JVNDB-2021-017992 // VULHUB: VHN-411181 // VULMON: CVE-2022-22554

AFFECTED PRODUCTS

vendor: dell, model: emc system update, scope: lte, version: 1.9.2.0

Trust: 1.0

vendor: デル, model: dell emc system update, scope: lte, version: 1.9.2 and earlier

Trust: 0.8

vendor: デル, model: dell emc system update, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-017992 // NVD: CVE-2022-22554

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22554
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2022-22554
value: HIGH

Trust: 1.0

NVD: CVE-2022-22554
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202201-2271
value: MEDIUM

Trust: 0.6

VULHUB: VHN-411181
value: LOW

Trust: 0.1

VULMON: CVE-2022-22554
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2022-22554
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-411181
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-22554
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2022-22554
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.5
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-22554
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-411181 // VULMON: CVE-2022-22554 // JVNDB: JVNDB-2021-017992 // CNNVD: CNNVD-202201-2271 // NVD: CVE-2022-22554 // NVD: CVE-2022-22554

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-256

Trust: 1.0

problemtype:Inadequate protection of credentials (CWE-522) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-411181 // JVNDB: JVNDB-2021-017992 // NVD: CVE-2022-22554

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-2271

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-2271

PATCH

title: DSA-2022-009, url: https://www.dell.com/support/kbdoc/ja-jp/000195007/dsa-2022-009

Trust: 0.8

title: Dell Emc System Update Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=183805

Trust: 0.6

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-22554 // JVNDB: JVNDB-2021-017992 // CNNVD: CNNVD-202201-2271

EXTERNAL IDS

db: NVD, id: CVE-2022-22554

Trust: 3.4

db: JVNDB, id: JVNDB-2021-017992

Trust: 0.8

db: CNNVD, id: CNNVD-202201-2271

Trust: 0.7

db: CNVD, id: CNVD-2022-08198

Trust: 0.1

db: VULHUB, id: VHN-411181

Trust: 0.1

db: VULMON, id: CVE-2022-22554

Trust: 0.1

sources: VULHUB: VHN-411181 // VULMON: CVE-2022-22554 // JVNDB: JVNDB-2021-017992 // CNNVD: CNNVD-202201-2271 // NVD: CVE-2022-22554

REFERENCES

url:https://www.dell.com/support/kbdoc/000195007

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-22554

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/522.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-411181 // VULMON: CVE-2022-22554 // JVNDB: JVNDB-2021-017992 // CNNVD: CNNVD-202201-2271 // NVD: CVE-2022-22554

SOURCES

db: VULHUB, id: VHN-411181
db: VULMON, id: CVE-2022-22554
db: JVNDB, id: JVNDB-2021-017992
db: CNNVD, id: CNNVD-202201-2271
db: NVD, id: CVE-2022-22554

LAST UPDATE DATE

2024-11-23T22:29:08.905000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-411181, date: 2022-01-28T00:00:00
db: VULMON, id: CVE-2022-22554, date: 2022-01-28T00:00:00
db: JVNDB, id: JVNDB-2021-017992, date: 2023-03-16T01:51:00
db: CNNVD, id: CNNVD-202201-2271, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2022-22554, date: 2024-11-21T06:47:00.950

SOURCES RELEASE DATE

db: VULHUB, id: VHN-411181, date: 2022-01-24T00:00:00
db: VULMON, id: CVE-2022-22554, date: 2022-01-24T00:00:00
db: JVNDB, id: JVNDB-2021-017992, date: 2023-03-16T00:00:00
db: CNNVD, id: CNNVD-202201-2271, date: 2022-01-24T00:00:00
db: NVD, id: CVE-2022-22554, date: 2022-01-24T20:15:08.773