Details of VAR-202206-0125

ID

VAR-202206-0125

CVE

CVE-2022-26868

TITLE

Dell's powerstoreos In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-010904

DESCRIPTION

Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker. Dell's powerstoreos for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads

Trust: 2.25

sources: NVD: CVE-2022-26868 // JVNDB: JVNDB-2022-010904 // CNVD: CNVD-2022-83205 // VULMON: CVE-2022-26868

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-83205

AFFECTED PRODUCTS

vendor:	dell	model:	powerstoreos	scope:	lt	version:	2.1.1.0	Trust: 1.0
vendor:	dell	model:	powerstoreos	scope:	gte	version:	2.0.0.0	Trust: 1.0
vendor:	デル	model:	powerstoreos	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	powerstoreos	scope:	eq	version:	2.0.0.0 that's all 2.1.1.0	Trust: 0.8
vendor:	デル	model:	powerstoreos	scope:	-	version:	-	Trust: 0.8
vendor:	dell	model:	powerstore	scope:	eq	version:	2.0.0.*	Trust: 0.6
vendor:	dell	model:	powerstore	scope:	eq	version:	2.0.1.*	Trust: 0.6
vendor:	dell	model:	powerstore	scope:	eq	version:	2.1.0.*	Trust: 0.6

sources: CNVD: CNVD-2022-83205 // JVNDB: JVNDB-2022-010904 // NVD: CVE-2022-26868

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26868
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2022-26868
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-26868
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-83205
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202206-413
value:	HIGH
Trust: 0.6
VULMON:	CVE-2022-26868
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-26868
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-83205
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-26868
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-26868
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.5
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-26868
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-83205 // VULMON: CVE-2022-26868 // JVNDB: JVNDB-2022-010904 // CNNVD: CNNVD-202206-413 // NVD: CVE-2022-26868 // NVD: CVE-2022-26868

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-010904 // NVD: CVE-2022-26868

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202206-413

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202206-413

PATCH

title:	Patch for Dell PowerStore OS Command Injection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/362286	Trust: 0.6
title:	Dell EMC PowerStore Fixes for operating system command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195967	Trust: 0.6

sources: CNVD: CNVD-2022-83205 // CNNVD: CNNVD-202206-413

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26868	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-010904	Trust: 0.8
db:	CNVD	id:	CNVD-2022-83205	Trust: 0.6
db:	CNNVD	id:	CNNVD-202206-413	Trust: 0.6
db:	VULMON	id:	CVE-2022-26868	Trust: 0.1

sources: CNVD: CNVD-2022-83205 // VULMON: CVE-2022-26868 // JVNDB: JVNDB-2022-010904 // CNNVD: CNNVD-202206-413 // NVD: CVE-2022-26868

REFERENCES

url:	https://www.dell.com/support/kbdoc/000196367	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26868	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-26868/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/78.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-83205 // VULMON: CVE-2022-26868 // JVNDB: JVNDB-2022-010904 // CNNVD: CNNVD-202206-413 // NVD: CVE-2022-26868

SOURCES

db:	CNVD	id:	CNVD-2022-83205
db:	VULMON	id:	CVE-2022-26868
db:	JVNDB	id:	JVNDB-2022-010904
db:	CNNVD	id:	CNNVD-202206-413
db:	NVD	id:	CVE-2022-26868

LAST UPDATE DATE

2024-11-23T21:58:20.631000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-83205	date:	2022-11-30T00:00:00
db:	VULMON	id:	CVE-2022-26868	date:	2022-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-010904	date:	2023-08-17T08:35:00
db:	CNNVD	id:	CNNVD-202206-413	date:	2022-06-14T00:00:00
db:	NVD	id:	CVE-2022-26868	date:	2024-11-21T06:54:42.780

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-83205	date:	2022-11-30T00:00:00
db:	VULMON	id:	CVE-2022-26868	date:	2022-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2022-010904	date:	2023-08-17T00:00:00
db:	CNNVD	id:	CNNVD-202206-413	date:	2022-06-02T00:00:00
db:	NVD	id:	CVE-2022-26868	date:	2022-06-02T21:15:07.723