Details of VAR-202210-0914

ID

VAR-202210-0914

CVE

CVE-2022-33920

TITLE

Dell's geodrive Unquoted Search Path or Element Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018515

DESCRIPTION

Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell's geodrive contains an unquoted search path or element vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell GeoDrive is a free application from Dell, Inc., USA. Dell EMC ECS and Atmos storage can be accessed from Microsoft Windows desktops and servers

Trust: 1.71

sources: NVD: CVE-2022-33920 // JVNDB: JVNDB-2022-018515 // VULHUB: VHN-426112

AFFECTED PRODUCTS

vendor:	dell	model:	geodrive	scope:	lt	version:	2.2.3	Trust: 1.0
vendor:	デル	model:	geodrive	scope:	eq	version:	2.2.3	Trust: 0.8
vendor:	デル	model:	geodrive	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	geodrive	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-018515 // NVD: CVE-2022-33920

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-33920
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2022-33920
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-33920
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202210-751
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-33920
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2022-33920
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-018515 // CNNVD: CNNVD-202210-751 // NVD: CVE-2022-33920 // NVD: CVE-2022-33920

PROBLEMTYPE DATA

problemtype:	CWE-428	Trust: 1.1
problemtype:	unquoted search path or element (CWE-428) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-426112 // JVNDB: JVNDB-2022-018515 // NVD: CVE-2022-33920

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-751

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202210-751

PATCH

title:

Dell GeoDrive Fixes for code issue vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=210856

Trust: 0.6

sources: CNNVD: CNNVD-202210-751

EXTERNAL IDS

db:	NVD	id:	CVE-2022-33920	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-018515	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-751	Trust: 0.7
db:	VULHUB	id:	VHN-426112	Trust: 0.1

sources: VULHUB: VHN-426112 // JVNDB: JVNDB-2022-018515 // CNNVD: CNNVD-202210-751 // NVD: CVE-2022-33920

REFERENCES

url:	https://www.dell.com/support/kbdoc/000203632	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-33920	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-33920/	Trust: 0.6

sources: VULHUB: VHN-426112 // JVNDB: JVNDB-2022-018515 // CNNVD: CNNVD-202210-751 // NVD: CVE-2022-33920

SOURCES

db:	VULHUB	id:	VHN-426112
db:	JVNDB	id:	JVNDB-2022-018515
db:	CNNVD	id:	CNNVD-202210-751
db:	NVD	id:	CVE-2022-33920

LAST UPDATE DATE

2024-08-14T15:21:35.424000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-426112	date:	2022-10-14T00:00:00
db:	JVNDB	id:	JVNDB-2022-018515	date:	2023-10-20T05:49:00
db:	CNNVD	id:	CNNVD-202210-751	date:	2022-10-17T00:00:00
db:	NVD	id:	CVE-2022-33920	date:	2022-10-14T14:15:53.723

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-426112	date:	2022-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-018515	date:	2023-10-20T00:00:00
db:	CNNVD	id:	CNNVD-202210-751	date:	2022-10-12T00:00:00
db:	NVD	id:	CVE-2022-33920	date:	2022-10-12T20:15:10.837