Details of VAR-202207-0231

ID

VAR-202207-0231

CVE

CVE-2022-32481

TITLE

Dell EMC PowerProtect Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202207-615

DESCRIPTION

Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover. Dell EMC PowerProtect is an application software of Dell (Dell). Provides companies with the ability to protect, manage and recover their most critical application data. Attackers can use this vulnerability to obtain root privileges

Trust: 1.08

sources: NVD: CVE-2022-32481 // VULHUB: VHN-424522 // VULMON: CVE-2022-32481

AFFECTED PRODUCTS

vendor:

dell

model:

powerprotect cyber recovery

scope:

version:

19.11

Trust: 1.0

sources: NVD: CVE-2022-32481

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-32481
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2022-32481
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202207-615
value:	HIGH
Trust: 0.6
VULHUB:	VHN-424522
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-32481
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-32481
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-424522
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-32481
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-424522 // VULMON: CVE-2022-32481 // CNNVD: CNNVD-202207-615 // NVD: CVE-2022-32481 // NVD: CVE-2022-32481

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-269	Trust: 0.1

sources: VULHUB: VHN-424522 // NVD: CVE-2022-32481

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-615

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-615

PATCH

title:

Dell EMC PowerProtect Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200226

Trust: 0.6

sources: CNNVD: CNNVD-202207-615

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32481	Trust: 1.8
db:	CNNVD	id:	CNNVD-202207-615	Trust: 0.7
db:	VULHUB	id:	VHN-424522	Trust: 0.1
db:	VULMON	id:	CVE-2022-32481	Trust: 0.1

sources: VULHUB: VHN-424522 // VULMON: CVE-2022-32481 // CNNVD: CNNVD-202207-615 // NVD: CVE-2022-32481

REFERENCES

url:	https://support.emc.com/kb/000201213	Trust: 1.8
url:	https://cxsecurity.com/cveshow/cve-2022-32481/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/269.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-424522 // VULMON: CVE-2022-32481 // CNNVD: CNNVD-202207-615 // NVD: CVE-2022-32481

SOURCES

db:	VULHUB	id:	VHN-424522
db:	VULMON	id:	CVE-2022-32481
db:	CNNVD	id:	CNNVD-202207-615
db:	NVD	id:	CVE-2022-32481

LAST UPDATE DATE

2024-08-14T14:24:41.094000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-424522	date:	2022-07-15T00:00:00
db:	VULMON	id:	CVE-2022-32481	date:	2022-07-15T00:00:00
db:	CNNVD	id:	CNNVD-202207-615	date:	2022-07-18T00:00:00
db:	NVD	id:	CVE-2022-32481	date:	2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-424522	date:	2022-07-07T00:00:00
db:	VULMON	id:	CVE-2022-32481	date:	2022-07-07T00:00:00
db:	CNNVD	id:	CNNVD-202207-615	date:	2022-07-07T00:00:00
db:	NVD	id:	CVE-2022-32481	date:	2022-07-07T22:15:08.737