Details of VAR-202209-1935

ID

VAR-202209-1935

CVE

CVE-2022-29089

TITLE

Dell's smartfabric os10 Vulnerability regarding insufficient protection of authentication information in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018149

DESCRIPTION

Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges. Dell's smartfabric os10 There are vulnerabilities in inadequate protection of credentials.Information may be obtained. Dell SmartFabric OS10 is a Linux-based network switch operating system developed by Dell

Trust: 1.71

sources: NVD: CVE-2022-29089 // JVNDB: JVNDB-2022-018149 // VULHUB: VHN-420623

AFFECTED PRODUCTS

vendor:	dell	model:	smartfabric os10	scope:	lt	version:	10.5.2.11	Trust: 1.0
vendor:	dell	model:	smartfabric os10	scope:	lt	version:	10.5.3.5	Trust: 1.0
vendor:	dell	model:	smartfabric os10	scope:	lt	version:	10.5.1.11	Trust: 1.0
vendor:	dell	model:	smartfabric os10	scope:	gte	version:	10.5.3.0	Trust: 1.0
vendor:	dell	model:	smartfabric os10	scope:	gte	version:	10.5.1.0	Trust: 1.0
vendor:	dell	model:	smartfabric os10	scope:	gte	version:	10.5.2.0	Trust: 1.0
vendor:	デル	model:	smartfabric os10	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	smartfabric os10	scope:	eq	version:	10.5.3.0 that's all 10.5.3.5	Trust: 0.8
vendor:	デル	model:	smartfabric os10	scope:	eq	version:	10.5.1.0 that's all 10.5.1.11	Trust: 0.8
vendor:	デル	model:	smartfabric os10	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	smartfabric os10	scope:	eq	version:	10.5.2.0 that's all 10.5.2.11	Trust: 0.8

sources: JVNDB: JVNDB-2022-018149 // NVD: CVE-2022-29089

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-29089
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2022-29089
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-29089
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202209-2910
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-29089
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-29089
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	4.7
version:	3.1
Trust: 1.0
NVD:	CVE-2022-29089
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-018149 // CNNVD: CNNVD-202209-2910 // NVD: CVE-2022-29089 // NVD: CVE-2022-29089

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	Inadequate protection of credentials (CWE-522) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-420623 // JVNDB: JVNDB-2022-018149 // NVD: CVE-2022-29089

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-2910

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202209-2910

PATCH

title:

Dell SmartFabric OS10 Repair measures for information disclosure vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=209702

Trust: 0.6

sources: CNNVD: CNNVD-202209-2910

EXTERNAL IDS

db:	NVD	id:	CVE-2022-29089	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-018149	Trust: 0.8
db:	CNNVD	id:	CNNVD-202209-2910	Trust: 0.7
db:	VULHUB	id:	VHN-420623	Trust: 0.1

sources: VULHUB: VHN-420623 // JVNDB: JVNDB-2022-018149 // CNNVD: CNNVD-202209-2910 // NVD: CVE-2022-29089

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000202971/dsa-2022-135-dell-emc-smartfabric-os10-security-update-for-multiple-security-vulnerabilities	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29089	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-29089/	Trust: 0.6

sources: VULHUB: VHN-420623 // JVNDB: JVNDB-2022-018149 // CNNVD: CNNVD-202209-2910 // NVD: CVE-2022-29089

SOURCES

db:	VULHUB	id:	VHN-420623
db:	JVNDB	id:	JVNDB-2022-018149
db:	CNNVD	id:	CNNVD-202209-2910
db:	NVD	id:	CVE-2022-29089

LAST UPDATE DATE

2024-08-14T15:11:15.385000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-420623	date:	2022-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2022-018149	date:	2023-10-18T08:12:00
db:	CNNVD	id:	CNNVD-202209-2910	date:	2022-10-08T00:00:00
db:	NVD	id:	CVE-2022-29089	date:	2022-09-30T17:16:40.670

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-420623	date:	2022-09-28T00:00:00
db:	JVNDB	id:	JVNDB-2022-018149	date:	2023-10-18T00:00:00
db:	CNNVD	id:	CNNVD-202209-2910	date:	2022-09-28T00:00:00
db:	NVD	id:	CVE-2022-29089	date:	2022-09-28T21:15:09.880