Details of VAR-202209-0115

ID

VAR-202209-0115

CVE

CVE-2022-34371

TITLE

Dell's emc powerscale onefs Vulnerability regarding insufficient protection of authentication information in

Trust: 0.8

sources: JVNDB: JVNDB-2022-016353

DESCRIPTION

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. Dell's emc powerscale onefs There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell PowerScale OneFS is an operating system of Dell (Dell). Offers the PowerScale OneFS operating system for scale-out NAS

Trust: 1.8

sources: NVD: CVE-2022-34371 // JVNDB: JVNDB-2022-016353 // VULHUB: VHN-426687 // VULMON: CVE-2022-34371

AFFECTED PRODUCTS

vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.1.0.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.3.0.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	lte	version:	9.4.0.3	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	lte	version:	9.3.0.6	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	lte	version:	9.1.0.19	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.2.1.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	lte	version:	9.2.1.12	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.4.0.0	Trust: 1.0
vendor:	デル	model:	emc powerscale onefs	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	emc powerscale onefs	scope:	eq	version:	9.3.0.0 to 9.3.0.6	Trust: 0.8
vendor:	デル	model:	emc powerscale onefs	scope:	eq	version:	9.2.1.0 to 9.2.1.12	Trust: 0.8
vendor:	デル	model:	emc powerscale onefs	scope:	eq	version:	9.1.0.0 to 9.1.0.19	Trust: 0.8
vendor:	デル	model:	emc powerscale onefs	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	emc powerscale onefs	scope:	eq	version:	9.4.0.0 to 9.4.0.3	Trust: 0.8

sources: JVNDB: JVNDB-2022-016353 // NVD: CVE-2022-34371

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2022-34371
value:	CRITICAL
Trust: 1.8
security_alert@emc.com:	CVE-2022-34371
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202209-124
value:	CRITICAL
Trust: 0.6

NVD:
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-34371
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-016353 // NVD: CVE-2022-34371 // NVD: CVE-2022-34371 // CNNVD: CNNVD-202209-124

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	Inadequate protection of credentials (CWE-522) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-319	Trust: 0.1

sources: VULHUB: VHN-426687 // JVNDB: JVNDB-2022-016353 // NVD: CVE-2022-34371

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-124

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-124

CONFIGURATIONS

sources: NVD: CVE-2022-34371

PATCH

title:

Dell PowerScale OneFS Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=206952

Trust: 0.6

sources: CNNVD: CNNVD-202209-124

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34371	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-016353	Trust: 0.8
db:	CNNVD	id:	CNNVD-202209-124	Trust: 0.7
db:	VULHUB	id:	VHN-426687	Trust: 0.1
db:	VULMON	id:	CVE-2022-34371	Trust: 0.1

sources: VULHUB: VHN-426687 // VULMON: CVE-2022-34371 // JVNDB: JVNDB-2022-016353 // NVD: CVE-2022-34371 // CNNVD: CNNVD-202209-124

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000202171/dsa-2022-172-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34371	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-34371/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-426687 // VULMON: CVE-2022-34371 // JVNDB: JVNDB-2022-016353 // NVD: CVE-2022-34371 // CNNVD: CNNVD-202209-124

SOURCES

db:	VULHUB	id:	VHN-426687
db:	VULMON	id:	CVE-2022-34371
db:	JVNDB	id:	JVNDB-2022-016353
db:	NVD	id:	CVE-2022-34371
db:	CNNVD	id:	CNNVD-202209-124

LAST UPDATE DATE

2023-12-18T13:36:44.728000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-426687	date:	2022-09-08T00:00:00
db:	VULMON	id:	CVE-2022-34371	date:	2022-09-03T00:00:00
db:	JVNDB	id:	JVNDB-2022-016353	date:	2023-10-03T08:09:00
db:	NVD	id:	CVE-2022-34371	date:	2023-08-08T14:21:49.707
db:	CNNVD	id:	CNNVD-202209-124	date:	2022-09-09T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-426687	date:	2022-09-02T00:00:00
db:	VULMON	id:	CVE-2022-34371	date:	2022-09-02T00:00:00
db:	JVNDB	id:	JVNDB-2022-016353	date:	2023-10-03T00:00:00
db:	NVD	id:	CVE-2022-34371	date:	2022-09-02T18:15:11.953
db:	CNNVD	id:	CNNVD-202209-124	date:	2022-09-02T00:00:00