Sign-up

ID

VAR-202210-0840


CVE

CVE-2022-33937


TITLE

Dell's  geodrive  Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018511

DESCRIPTION

Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server filesystem, with the privileges of the GeoDrive service: NT AUTHORITY\SYSTEM. Dell's geodrive Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Dell GeoDrive is a free application from Dell, Inc., USA. Dell EMC ECS and Atmos storage can be accessed from Microsoft Windows desktops and servers

Trust: 1.71

sources: NVD: CVE-2022-33937 // JVNDB: JVNDB-2022-018511 // VULHUB: VHN-426129

AFFECTED PRODUCTS

vendor:dellmodel:geodrivescope:ltversion:2.2.3

Trust: 1.0

vendor:デルmodel:geodrivescope:eqversion:2.2.3

Trust: 0.8

vendor:デルmodel:geodrivescope:eqversion: -

Trust: 0.8

vendor:デルmodel:geodrivescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-018511 // NVD: CVE-2022-33937

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-33937
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2022-33937
value: HIGH

Trust: 1.0

NVD: CVE-2022-33937
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202210-747
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-33937
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 2.0

NVD: CVE-2022-33937
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-018511 // CNNVD: CNNVD-202210-747 // NVD: CVE-2022-33937 // NVD: CVE-2022-33937

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype:CWE-23

Trust: 1.0

problemtype:Path traversal (CWE-22) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-426129 // JVNDB: JVNDB-2022-018511 // NVD: CVE-2022-33937

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-747

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202210-747

PATCH

title:Dell GeoDrive Repair measures for path traversal vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=210853

Trust: 0.6

sources: CNNVD: CNNVD-202210-747

EXTERNAL IDS

db:NVDid:CVE-2022-33937

Trust: 3.3

db:JVNDBid:JVNDB-2022-018511

Trust: 0.8

db:CNNVDid:CNNVD-202210-747

Trust: 0.7

db:VULHUBid:VHN-426129

Trust: 0.1

sources: VULHUB: VHN-426129 // JVNDB: JVNDB-2022-018511 // CNNVD: CNNVD-202210-747 // NVD: CVE-2022-33937

REFERENCES

url:https://www.dell.com/support/kbdoc/000203632

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-33937

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-33937/

Trust: 0.6

sources: VULHUB: VHN-426129 // JVNDB: JVNDB-2022-018511 // CNNVD: CNNVD-202210-747 // NVD: CVE-2022-33937

SOURCES

db:VULHUBid:VHN-426129
db:JVNDBid:JVNDB-2022-018511
db:CNNVDid:CNNVD-202210-747
db:NVDid:CVE-2022-33937

LAST UPDATE DATE

2024-08-14T14:37:16.427000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-426129date:2022-10-14T00:00:00
db:JVNDBid:JVNDB-2022-018511date:2023-10-20T05:45:00
db:CNNVDid:CNNVD-202210-747date:2022-10-17T00:00:00
db:NVDid:CVE-2022-33937date:2022-10-14T14:13:54.587

SOURCES RELEASE DATE

db:VULHUBid:VHN-426129date:2022-10-12T00:00:00
db:JVNDBid:JVNDB-2022-018511date:2023-10-20T00:00:00
db:CNNVDid:CNNVD-202210-747date:2022-10-12T00:00:00
db:NVDid:CVE-2022-33937date:2022-10-12T20:15:11.043