ID

VAR-202205-1992


CVE

CVE-2022-24414


TITLE

Dell EMC CloudLink Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202205-4204

DESCRIPTION

In Dell EMC CloudLink 7.1.3 and all earlier versions, the Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access the CloudLink server. Tokens should not be used in the request URL to avoid such attacks.

Trust: 1.08

sources: NVD: CVE-2022-24414 // VULHUB: VHN-414161 // VULMON: CVE-2022-24414

AFFECTED PRODUCTS

vendor: dell, model: cloudlink, scope: lte, version: 7.1.3

Trust: 1.0

sources: NVD: CVE-2022-24414

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-24414
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2022-24414
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202205-4204
value: MEDIUM

Trust: 0.6

VULHUB: VHN-414161
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2022-24414
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-414161
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2022-24414
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2022-24414
baseSeverity: HIGH
baseScore: 7.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 4.7
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-414161 // CNNVD: CNNVD-202205-4204 // NVD: CVE-2022-24414 // NVD: CVE-2022-24414

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.1

problemtype: CWE-598

Trust: 1.0

sources: VULHUB: VHN-414161 // NVD: CVE-2022-24414

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-4204

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202205-4204

PATCH

title: Dell EMC CloudLink Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195261

Trust: 0.6

sources: CNNVD: CNNVD-202205-4204

EXTERNAL IDS

db: NVD, id: CVE-2022-24414

Trust: 1.8

db: CNNVD, id: CNNVD-202205-4204

Trust: 0.6

db: VULHUB, id: VHN-414161

Trust: 0.1

db: VULMON, id: CVE-2022-24414

Trust: 0.1

sources: VULHUB: VHN-414161 // VULMON: CVE-2022-24414 // CNNVD: CNNVD-202205-4204 // NVD: CVE-2022-24414

REFERENCES

url: https://www.dell.com/support/kbdoc/en-us/000197425/dsa-2022-064-dell-emc-cloudlink-security-update-for-security-vulnerabilities

Trust: 1.8

url: https://cxsecurity.com/cveshow/cve-2022-24414/

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-414161 // VULMON: CVE-2022-24414 // CNNVD: CNNVD-202205-4204 // NVD: CVE-2022-24414

SOURCES

db: VULHUB, id: VHN-414161
db: VULMON, id: CVE-2022-24414
db: CNNVD, id: CNNVD-202205-4204
db: NVD, id: CVE-2022-24414

LAST UPDATE DATE

2024-11-23T23:07:20.473000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-414161, date: 2022-06-07T00:00:00
db: VULMON, id: CVE-2022-24414, date: 2022-05-26T00:00:00
db: CNNVD, id: CNNVD-202205-4204, date: 2022-06-08T00:00:00
db: NVD, id: CVE-2022-24414, date: 2024-11-21T06:50:22.430

SOURCES RELEASE DATE

db: VULHUB, id: VHN-414161, date: 2022-05-26T00:00:00
db: VULMON, id: CVE-2022-24414, date: 2022-05-26T00:00:00
db: CNNVD, id: CNNVD-202205-4204, date: 2022-05-26T00:00:00
db: NVD, id: CVE-2022-24414, date: 2022-05-26T16:15:07.920