Details of VAR-202210-0778

ID

VAR-202210-0778

CVE

CVE-2022-34431

TITLE

Dell's Dell Hybrid Client Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018856

DESCRIPTION

Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible. Dell's Dell Hybrid Client Exists in unspecified vulnerabilities.Information is tampered with and service operation is interrupted (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-34431 // JVNDB: JVNDB-2022-018856 // VULHUB: VHN-426747

AFFECTED PRODUCTS

vendor:	dell	model:	hybrid client	scope:	lt	version:	1.8	Trust: 1.0
vendor:	dell	model:	hybrid client	scope:	gte	version:	1.5	Trust: 1.0
vendor:	デル	model:	dell hybrid client	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	dell hybrid client	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	dell hybrid client	scope:	eq	version:	1.5 that's all 1.8	Trust: 0.8

sources: JVNDB: JVNDB-2022-018856 // NVD: CVE-2022-34431

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34431
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2022-34431
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-34431
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202210-531
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-34431
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.2
version:	3.1
Trust: 2.0
NVD:	CVE-2022-34431
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-018856 // CNNVD: CNNVD-202210-531 // NVD: CVE-2022-34431 // NVD: CVE-2022-34431

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-018856 // NVD: CVE-2022-34431

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-531

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-531

PATCH

title:

Dell Hybrid Client Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=210604

Trust: 0.6

sources: CNNVD: CNNVD-202210-531

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34431	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-018856	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-531	Trust: 0.6
db:	VULHUB	id:	VHN-426747	Trust: 0.1

sources: VULHUB: VHN-426747 // JVNDB: JVNDB-2022-018856 // CNNVD: CNNVD-202210-531 // NVD: CVE-2022-34431

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000203345/dsa-2022-260-dell-hybrid-client-security-update-for-multiple-vulnerabilities	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34431	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-34431/	Trust: 0.6

sources: VULHUB: VHN-426747 // JVNDB: JVNDB-2022-018856 // CNNVD: CNNVD-202210-531 // NVD: CVE-2022-34431

SOURCES

db:	VULHUB	id:	VHN-426747
db:	JVNDB	id:	JVNDB-2022-018856
db:	CNNVD	id:	CNNVD-202210-531
db:	NVD	id:	CVE-2022-34431

LAST UPDATE DATE

2024-08-14T13:21:36.227000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-426747	date:	2022-10-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-018856	date:	2023-10-23T08:13:00
db:	CNNVD	id:	CNNVD-202210-531	date:	2022-10-14T00:00:00
db:	NVD	id:	CVE-2022-34431	date:	2022-10-13T16:21:59.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-426747	date:	2022-10-11T00:00:00
db:	JVNDB	id:	JVNDB-2022-018856	date:	2023-10-23T00:00:00
db:	CNNVD	id:	CNNVD-202210-531	date:	2022-10-11T00:00:00
db:	NVD	id:	CVE-2022-34431	date:	2022-10-11T17:15:11.250