Sign-up

ID

VAR-202211-1326


CVE

CVE-2022-34447


TITLE

PowerPath Management Appliance  In  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-014213

DESCRIPTION

PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-34447 // JVNDB: JVNDB-2022-014213 // VULHUB: VHN-426763 // VULMON: CVE-2022-34447

AFFECTED PRODUCTS

vendor:dellmodel:powerpath management appliancescope:eqversion:3.0

Trust: 1.0

vendor:dellmodel:powerpath management appliancescope:eqversion:3.3

Trust: 1.0

vendor:dellmodel:powerpath management appliancescope:eqversion:3.2

Trust: 1.0

vendor:dellmodel:powerpath management appliancescope:eqversion:3.1

Trust: 1.0

vendor:デルmodel:dell powerpath management appliancescope:eqversion:3.0

Trust: 0.8

vendor:デルmodel:dell powerpath management appliancescope:eqversion: -

Trust: 0.8

vendor:デルmodel:dell powerpath management appliancescope:eqversion:3.2

Trust: 0.8

vendor:デルmodel:dell powerpath management appliancescope:eqversion:3.3

Trust: 0.8

vendor:デルmodel:dell powerpath management appliancescope:eqversion:3.1

Trust: 0.8

sources: JVNDB: JVNDB-2022-014213 // NVD: CVE-2022-34447

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-34447
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2022-34447
value: HIGH

Trust: 1.0

OTHER: JVNDB-2022-014213
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202211-3217
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-34447
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-014213
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-014213 // CNNVD: CNNVD-202211-3217 // NVD: CVE-2022-34447 // NVD: CVE-2022-34447

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-426763 // JVNDB: JVNDB-2022-014213 // NVD: CVE-2022-34447

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-3217

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202211-3217

PATCH

title:DSA-2022-283url:https://www.dell.com/support/kbdoc/en-us/000205404/dsa-2022-283-powerpath-management-appliance-security-update-for-multiple-security-vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-014213

EXTERNAL IDS

db:NVDid:CVE-2022-34447

Trust: 3.4

db:JVNDBid:JVNDB-2022-014213

Trust: 0.8

db:CNNVDid:CNNVD-202211-3217

Trust: 0.6

db:VULHUBid:VHN-426763

Trust: 0.1

db:VULMONid:CVE-2022-34447

Trust: 0.1

sources: VULHUB: VHN-426763 // VULMON: CVE-2022-34447 // JVNDB: JVNDB-2022-014213 // CNNVD: CNNVD-202211-3217 // NVD: CVE-2022-34447

REFERENCES

url:https://www.dell.com/support/kbdoc/000205404

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-34447

Trust: 0.8

url:https://vigilance.fr/vulnerability/dell-powerpath-management-appliance-seven-vulnerabilities-39945

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-34447/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-426763 // VULMON: CVE-2022-34447 // JVNDB: JVNDB-2022-014213 // CNNVD: CNNVD-202211-3217 // NVD: CVE-2022-34447

SOURCES

db:VULHUBid:VHN-426763
db:VULMONid:CVE-2022-34447
db:JVNDBid:JVNDB-2022-014213
db:CNNVDid:CNNVD-202211-3217
db:NVDid:CVE-2022-34447

LAST UPDATE DATE

2024-08-14T14:17:34.390000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-426763date:2023-02-21T00:00:00
db:VULMONid:CVE-2022-34447date:2023-02-12T00:00:00
db:JVNDBid:JVNDB-2022-014213date:2023-09-15T06:44:00
db:CNNVDid:CNNVD-202211-3217date:2023-02-22T00:00:00
db:NVDid:CVE-2022-34447date:2023-11-07T03:48:42.100

SOURCES RELEASE DATE

db:VULHUBid:VHN-426763date:2023-02-11T00:00:00
db:VULMONid:CVE-2022-34447date:2023-02-11T00:00:00
db:JVNDBid:JVNDB-2022-014213date:2023-09-15T00:00:00
db:CNNVDid:CNNVD-202211-3217date:2022-11-21T00:00:00
db:NVDid:CVE-2022-34447date:2023-02-11T01:23:24.903