Details of VAR-202210-0894

ID

VAR-202210-0894

CVE

CVE-2022-33922

TITLE

Dell's geodrive Vulnerability regarding improper default permissions in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018513

DESCRIPTION

Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to upgrade at the earliest opportunity. Dell's geodrive There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell GeoDrive is a free application from Dell, Inc., USA. Dell EMC ECS and Atmos storage can be accessed from Microsoft Windows desktops and servers. Dell GeoDrive prior to 2.2 has a security vulnerability

Trust: 1.71

sources: NVD: CVE-2022-33922 // JVNDB: JVNDB-2022-018513 // VULHUB: VHN-426114

AFFECTED PRODUCTS

vendor:	dell	model:	geodrive	scope:	lt	version:	2.2.3	Trust: 1.0
vendor:	デル	model:	geodrive	scope:	eq	version:	2.2.3	Trust: 0.8
vendor:	デル	model:	geodrive	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	geodrive	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-018513 // NVD: CVE-2022-33922

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-33922
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2022-33922
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-33922
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202210-749
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-33922
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-33922
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-33922
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-018513 // CNNVD: CNNVD-202210-749 // NVD: CVE-2022-33922 // NVD: CVE-2022-33922

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.1
problemtype:	Inappropriate default permissions (CWE-276) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-426114 // JVNDB: JVNDB-2022-018513 // NVD: CVE-2022-33922

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-749

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-749

PATCH

title:

Dell GeoDrive Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=210854

Trust: 0.6

sources: CNNVD: CNNVD-202210-749

EXTERNAL IDS

db:	NVD	id:	CVE-2022-33922	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-018513	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-749	Trust: 0.7
db:	VULHUB	id:	VHN-426114	Trust: 0.1

sources: VULHUB: VHN-426114 // JVNDB: JVNDB-2022-018513 // CNNVD: CNNVD-202210-749 // NVD: CVE-2022-33922

REFERENCES

url:	https://www.dell.com/support/kbdoc/000203632	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-33922	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-33922/	Trust: 0.6

sources: VULHUB: VHN-426114 // JVNDB: JVNDB-2022-018513 // CNNVD: CNNVD-202210-749 // NVD: CVE-2022-33922

SOURCES

db:	VULHUB	id:	VHN-426114
db:	JVNDB	id:	JVNDB-2022-018513
db:	CNNVD	id:	CNNVD-202210-749
db:	NVD	id:	CVE-2022-33922

LAST UPDATE DATE

2024-08-14T13:42:19.571000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-426114	date:	2022-10-14T00:00:00
db:	JVNDB	id:	JVNDB-2022-018513	date:	2023-10-20T05:46:00
db:	CNNVD	id:	CNNVD-202210-749	date:	2022-10-17T00:00:00
db:	NVD	id:	CVE-2022-33922	date:	2022-10-14T14:14:34.337

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-426114	date:	2022-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-018513	date:	2023-10-20T00:00:00
db:	CNNVD	id:	CNNVD-202210-749	date:	2022-10-12T00:00:00
db:	NVD	id:	CVE-2022-33922	date:	2022-10-12T20:15:10.980