Details of VAR-202210-1583

ID

VAR-202210-1583

CVE

CVE-2022-26870

TITLE

Dell's powerstoreos Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019896

DESCRIPTION

Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit. Dell's powerstoreos There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell EMC PowerStore is a storage device of Dell (Dell)

Trust: 1.71

sources: NVD: CVE-2022-26870 // JVNDB: JVNDB-2022-019896 // VULHUB: VHN-417525

AFFECTED PRODUCTS

vendor:	dell	model:	powerstoreos	scope:	eq	version:	2.1.0.1	Trust: 1.0
vendor:	dell	model:	powerstoreos	scope:	eq	version:	2.1.0.0	Trust: 1.0
vendor:	デル	model:	powerstoreos	scope:	eq	version:	2.1.0.0	Trust: 0.8
vendor:	デル	model:	powerstoreos	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	powerstoreos	scope:	eq	version:	2.1.0.1	Trust: 0.8
vendor:	デル	model:	powerstoreos	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-019896 // NVD: CVE-2022-26870

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26870
value:	CRITICAL
Trust: 1.0
security_alert@emc.com:	CVE-2022-26870
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-26870
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202210-1605
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2022-26870
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-26870
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	4.7
version:	3.1
Trust: 1.0
NVD:	CVE-2022-26870
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-019896 // CNNVD: CNNVD-202210-1605 // NVD: CVE-2022-26870 // NVD: CVE-2022-26870

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.1
problemtype:	CWE-288	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-417525 // JVNDB: JVNDB-2022-019896 // NVD: CVE-2022-26870

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-1605

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202210-1605

PATCH

title:

Dell EMC PowerStore Remediation measures for authorization problem vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=211862

Trust: 0.6

sources: CNNVD: CNNVD-202210-1605

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26870	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-019896	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-1605	Trust: 0.7
db:	VULHUB	id:	VHN-417525	Trust: 0.1

sources: VULHUB: VHN-417525 // JVNDB: JVNDB-2022-019896 // CNNVD: CNNVD-202210-1605 // NVD: CVE-2022-26870

REFERENCES

url:	https://www.dell.com/support/kbdoc/000196367	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26870	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-26870/	Trust: 0.6

sources: VULHUB: VHN-417525 // JVNDB: JVNDB-2022-019896 // CNNVD: CNNVD-202210-1605 // NVD: CVE-2022-26870

SOURCES

db:	VULHUB	id:	VHN-417525
db:	JVNDB	id:	JVNDB-2022-019896
db:	CNNVD	id:	CNNVD-202210-1605
db:	NVD	id:	CVE-2022-26870

LAST UPDATE DATE

2024-08-14T13:42:18.792000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-417525	date:	2022-10-24T00:00:00
db:	JVNDB	id:	JVNDB-2022-019896	date:	2023-10-27T08:16:00
db:	CNNVD	id:	CNNVD-202210-1605	date:	2022-10-25T00:00:00
db:	NVD	id:	CVE-2022-26870	date:	2022-10-24T15:33:21.630

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-417525	date:	2022-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2022-019896	date:	2023-10-27T00:00:00
db:	CNNVD	id:	CNNVD-202210-1605	date:	2022-10-21T00:00:00
db:	NVD	id:	CVE-2022-26870	date:	2022-10-21T18:15:09.767