ID

VAR-202206-2277


CVE

CVE-2022-31233


TITLE

Vulnerability in incorrect movement of resources between regions in multiple Dell products

Trust: 0.8

sources: JVNDB: JVNDB-2022-016149

DESCRIPTION

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. eVASA Provider Virtual Appliance, Dell Solutions Enabler, Solutions Enabler Virtual Appliance, and multiple other Dell products are vulnerable to incorrect movement of resources between regions. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell. Dell EMC Unisphere for PowerMax has a security vulnerability. An attacker could exploit this vulnerability to bypass the restrictions of Dell EMC Unisphere for PowerMax and elevate their privileges.

Trust: 1.8

sources: NVD: CVE-2022-31233 // JVNDB: JVNDB-2022-016149 // VULHUB: VHN-422929 // VULMON: CVE-2022-31233

AFFECTED PRODUCTS

vendor: dell, model: solutions enabler, scope: lt, version: 9.2.3.4

Trust: 1.0

vendor: dell, model: powermax os, scope: eq, version: 5978

Trust: 1.0

vendor: dell, model: vasa, scope: lt, version: 9.2.3.15

Trust: 1.0

vendor: dell, model: unisphere for powermax virtual appliance, scope: lt, version: 9.2.3.15

Trust: 1.0

vendor: dell, model: evasa provider virtual appliance, scope: lt, version: 9.2.3.7

Trust: 1.0

vendor: dell, model: unisphere 360, scope: lt, version: 9.2.3.6

Trust: 1.0

vendor: dell, model: solutions enabler virtual appliance, scope: lt, version: 9.2.3.4

Trust: 1.0

vendor: dell, model: unisphere for powermax, scope: lt, version: 9.2.3.15

Trust: 1.0

vendor: Dell, model: dell unisphere for powermax, scope: -, version: -

Trust: 0.8

vendor: Dell, model: dell unisphere for powermax virtual appliance, scope: -, version: -

Trust: 0.8

vendor: Dell, model: dell solutions enabler, scope: -, version: -

Trust: 0.8

vendor: Dell, model: solutions enabler virtual appliance, scope: -, version: -

Trust: 0.8

vendor: Dell, model: vasa, scope: -, version: -

Trust: 0.8

vendor: Dell, model: dell powermax os, scope: -, version: -

Trust: 0.8

vendor: Dell, model: unisphere 360, scope: -, version: -

Trust: 0.8

vendor: Dell, model: evasa provider virtual appliance, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-016149 // NVD: CVE-2022-31233

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-31233
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2022-31233
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-31233
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202206-2818
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-31233
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2022-31233
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-31233
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-016149 // CNNVD: CNNVD-202206-2818 // NVD: CVE-2022-31233 // NVD: CVE-2022-31233

PROBLEMTYPE DATA

problemtype:CWE-669

Trust: 1.1

problemtype:CWE-602

Trust: 1.0

problemtype:Incorrect resource movement between regions (CWE-669) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-422929 // JVNDB: JVNDB-2022-016149 // NVD: CVE-2022-31233

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202206-2818

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-2818

EXTERNAL IDS

db: NVD, id: CVE-2022-31233

Trust: 3.4

db: JVNDB, id: JVNDB-2022-016149

Trust: 0.8

db: CNNVD, id: CNNVD-202206-2818

Trust: 0.7

db: VULHUB, id: VHN-422929

Trust: 0.1

db: VULMON, id: CVE-2022-31233

Trust: 0.1

sources: VULHUB: VHN-422929 // VULMON: CVE-2022-31233 // JVNDB: JVNDB-2022-016149 // CNNVD: CNNVD-202206-2818 // NVD: CVE-2022-31233

REFERENCES

url:https://www.dell.com/support/kbdoc/000200975

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-31233

Trust: 0.8

url:https://vigilance.fr/vulnerability/dell-unisphere-for-powermax-privilege-escalation-38686

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-31233/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-422929 // VULMON: CVE-2022-31233 // JVNDB: JVNDB-2022-016149 // CNNVD: CNNVD-202206-2818 // NVD: CVE-2022-31233

SOURCES

db: VULHUB, id: VHN-422929
db: VULMON, id: CVE-2022-31233
db: JVNDB, id: JVNDB-2022-016149
db: CNNVD, id: CNNVD-202206-2818
db: NVD, id: CVE-2022-31233

LAST UPDATE DATE

2024-08-14T14:02:31.725000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-422929, date: 2022-09-07T00:00:00
db: VULMON, id: CVE-2022-31233, date: 2022-08-31T00:00:00
db: JVNDB, id: JVNDB-2022-016149, date: 2023-10-02T08:11:00
db: CNNVD, id: CNNVD-202206-2818, date: 2022-09-08T00:00:00
db: NVD, id: CVE-2022-31233, date: 2022-09-07T16:47:34.793

SOURCES RELEASE DATE

db: VULHUB, id: VHN-422929, date: 2022-08-31T00:00:00
db: VULMON, id: CVE-2022-31233, date: 2022-08-31T00:00:00
db: JVNDB, id: JVNDB-2022-016149, date: 2023-10-02T00:00:00
db: CNNVD, id: CNNVD-202206-2818, date: 2022-06-29T00:00:00
db: NVD, id: CVE-2022-31233, date: 2022-08-31T20:15:08.627