Details of VAR-202209-0061

ID

VAR-202209-0061

CVE

CVE-2022-34380

TITLE

Dell's CloudLink Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-016136

DESCRIPTION

Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system. Dell's CloudLink There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-34380 // JVNDB: JVNDB-2022-016136 // VULHUB: VHN-426696 // VULMON: CVE-2022-34380

AFFECTED PRODUCTS

vendor:	dell	model:	cloudlink	scope:	lt	version:	7.1.4	Trust: 1.0
vendor:	デル	model:	cloudlink	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	cloudlink	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	cloudlink	scope:	eq	version:	7.1.4	Trust: 0.8

sources: JVNDB: JVNDB-2022-016136 // NVD: CVE-2022-34380

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34380
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2022-34380
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-34380
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202209-023
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-34380
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.5
impactScore:	6.0
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-34380
baseSeverity:	CRITICAL
baseScore:	9.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-34380
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-016136 // CNNVD: CNNVD-202209-023 // NVD: CVE-2022-34380 // NVD: CVE-2022-34380

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.1
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-426696 // JVNDB: JVNDB-2022-016136 // NVD: CVE-2022-34380

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202209-023

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202209-023

PATCH

title:

Dell CloudLink Remediation measures for authorization problem vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206827

Trust: 0.6

sources: CNNVD: CNNVD-202209-023

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34380	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-016136	Trust: 0.8
db:	CNNVD	id:	CNNVD-202209-023	Trust: 0.6
db:	VULHUB	id:	VHN-426696	Trust: 0.1
db:	VULMON	id:	CVE-2022-34380	Trust: 0.1

sources: VULHUB: VHN-426696 // VULMON: CVE-2022-34380 // JVNDB: JVNDB-2022-016136 // CNNVD: CNNVD-202209-023 // NVD: CVE-2022-34380

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000202058/dsa-2022-210-dell-emc-cloudlink-security-update-for-multiple-security-vulnerabilities	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34380	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-34380/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-426696 // VULMON: CVE-2022-34380 // JVNDB: JVNDB-2022-016136 // CNNVD: CNNVD-202209-023 // NVD: CVE-2022-34380

SOURCES

db:	VULHUB	id:	VHN-426696
db:	VULMON	id:	CVE-2022-34380
db:	JVNDB	id:	JVNDB-2022-016136
db:	CNNVD	id:	CNNVD-202209-023
db:	NVD	id:	CVE-2022-34380

LAST UPDATE DATE

2024-08-14T15:06:12.825000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-426696	date:	2022-09-07T00:00:00
db:	VULMON	id:	CVE-2022-34380	date:	2022-09-01T00:00:00
db:	JVNDB	id:	JVNDB-2022-016136	date:	2023-10-02T08:10:00
db:	CNNVD	id:	CNNVD-202209-023	date:	2022-09-08T00:00:00
db:	NVD	id:	CVE-2022-34380	date:	2022-09-07T14:48:10.243

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-426696	date:	2022-09-01T00:00:00
db:	VULMON	id:	CVE-2022-34380	date:	2022-09-01T00:00:00
db:	JVNDB	id:	JVNDB-2022-016136	date:	2023-10-02T00:00:00
db:	CNNVD	id:	CNNVD-202209-023	date:	2022-09-01T00:00:00
db:	NVD	id:	CVE-2022-34380	date:	2022-09-01T19:15:12.527