Details of VAR-202211-1324

ID

VAR-202211-1324

CVE

CVE-2022-34446

TITLE

PowerPath Management Appliance Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-014212

DESCRIPTION

PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration. PowerPath Management Appliance Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with

Trust: 1.8

sources: NVD: CVE-2022-34446 // JVNDB: JVNDB-2022-014212 // VULHUB: VHN-426762 // VULMON: CVE-2022-34446

AFFECTED PRODUCTS

vendor:	dell	model:	powerpath management appliance	scope:	eq	version:	3.2	Trust: 1.0
vendor:	dell	model:	powerpath management appliance	scope:	eq	version:	3.3	Trust: 1.0
vendor:	デル	model:	dell powerpath management appliance	scope:	eq	version:	3.2	Trust: 0.8
vendor:	デル	model:	dell powerpath management appliance	scope:	eq	version:	3.3	Trust: 0.8
vendor:	デル	model:	dell powerpath management appliance	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-014212 // NVD: CVE-2022-34446

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34446
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2022-34446
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-34446
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202211-3230
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-34446
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-34446
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-34446
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-014212 // CNNVD: CNNVD-202211-3230 // NVD: CVE-2022-34446 // NVD: CVE-2022-34446

PROBLEMTYPE DATA

problemtype:	CWE-285	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-287	Trust: 0.1

sources: VULHUB: VHN-426762 // JVNDB: JVNDB-2022-014212 // NVD: CVE-2022-34446

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-3230

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-3230

PATCH

title:	DSA-2022-283	url:	https://www.dell.com/support/kbdoc/en-us/000205404/dsa-2022-283-powerpath-management-appliance-security-update-for-multiple-security-vulnerabilities	Trust: 0.8
title:	Dell PowerPath Management Appliance Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=247154	Trust: 0.6

sources: JVNDB: JVNDB-2022-014212 // CNNVD: CNNVD-202211-3230

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34446	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-014212	Trust: 0.8
db:	CNNVD	id:	CNNVD-202211-3230	Trust: 0.6
db:	VULHUB	id:	VHN-426762	Trust: 0.1
db:	VULMON	id:	CVE-2022-34446	Trust: 0.1

sources: VULHUB: VHN-426762 // VULMON: CVE-2022-34446 // JVNDB: JVNDB-2022-014212 // CNNVD: CNNVD-202211-3230 // NVD: CVE-2022-34446

REFERENCES

url:	https://www.dell.com/support/kbdoc/000205404	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34446	Trust: 0.8
url:	https://vigilance.fr/vulnerability/dell-powerpath-management-appliance-seven-vulnerabilities-39945	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-34446/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-426762 // VULMON: CVE-2022-34446 // JVNDB: JVNDB-2022-014212 // CNNVD: CNNVD-202211-3230 // NVD: CVE-2022-34446

SOURCES

db:	VULHUB	id:	VHN-426762
db:	VULMON	id:	CVE-2022-34446
db:	JVNDB	id:	JVNDB-2022-014212
db:	CNNVD	id:	CNNVD-202211-3230
db:	NVD	id:	CVE-2022-34446

LAST UPDATE DATE

2024-08-14T14:24:27.105000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-426762	date:	2023-02-21T00:00:00
db:	VULMON	id:	CVE-2022-34446	date:	2023-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-014212	date:	2023-09-15T06:43:00
db:	CNNVD	id:	CNNVD-202211-3230	date:	2023-07-24T00:00:00
db:	NVD	id:	CVE-2022-34446	date:	2023-11-07T03:48:42.020

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-426762	date:	2023-02-11T00:00:00
db:	VULMON	id:	CVE-2022-34446	date:	2023-02-11T00:00:00
db:	JVNDB	id:	JVNDB-2022-014212	date:	2023-09-15T00:00:00
db:	CNNVD	id:	CNNVD-202211-3230	date:	2022-11-21T00:00:00
db:	NVD	id:	CVE-2022-34446	date:	2023-02-11T01:23:24.780