Headline
CVE-2022-34378: DSA-2022-172: Dell PowerScale OneFS Security Update for Multiple Vulnerabilities
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service.
Impact
High
Details
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String
--- | --- | --- | ---
CVE-2022-34369 | Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker may potentially exploit this vulnerability, leading to exposure of this sensitive data. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34371 | Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3 contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker may potentially exploit this vulnerability, leading to full system compromise. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34378 | Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 contain a relative path traversal vulnerability. A low privileged local attacker may potentially exploit this vulnerability, leading to denial of service. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Dell Technologies recommends that all customers take into account both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of a particular security vulnerability.
Affected Products and Remediation
CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update
--- | --- | --- | --- | ---
CVE-2022-34369 | Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.20; 9.2.1.0 through 9.2.1.13; 9.3.0.0 through 9.3.0.6; 9.4.0.0 through 9.4.0.3 | Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations": >= 9.1.0.21; >= 9.2.1.14; >= 9.3.0.7; >= 9.4.0.4 | PowerScale OneFS Downloads Area
CVE-2022-34369 | Dell PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS | PowerScale OneFS Downloads Area
CVE-2022-34371 | Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.19; 9.2.1.0 through 9.2.1.12; 9.3.0.0 through 9.3.0.6; 9.4.0.0 through 9.4.0.3 | Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations": >= 9.1.0.20; >= 9.2.1.13; >= 9.3.0.7; >= 9.4.0.4 | PowerScale OneFS Downloads Area
CVE-2022-34371 | Dell PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS | PowerScale OneFS Downloads Area
CVE-2022-34378 | Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.20; 9.2.1.0 through 9.2.1.13; 9.3.0.0 through 9.3.0.6; 9.4.0.0 through 9.4.0.3 | Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations": >= 9.1.0.21; >= 9.2.1.14; >= 9.3.0.7; >= 9.4.0.4 | PowerScale OneFS Downloads Area
CVE-2022-34378 | Dell PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS | PowerScale OneFS Downloads Area
Workarounds and Mitigations
CVE: CVE-2022-34369
Additional Mitigation: In addition to upgrading your version of Dell PowerScale OneFS or downloading and installing the latest RUP:
- Dell always recommends using a secure/encrypted transport when sending logs to Dell.
- Dell recommends changing passwords for enabled accounts in the System zone file provider, which can be identified via:
  isi auth users list --provider=lsa-file-provider:System -v | grep -e "Name: " -e "Enabled: " | grep -B 1 "Enabled: Yes"

CVE: CVE-2022-34371
Additional Mitigation: In addition to upgrading your version of Dell PowerScale OneFS or downloading and installing the latest RUP:
- Dell always recommends using a secure/encrypted transport when sending logs to Dell.
- Dell recommends changing passwords for enabled accounts in the System zone file provider, which can be identified via:
  isi auth users list --provider=lsa-file-provider:System -v | grep -e "Name: " -e "Enabled: " | grep -B 1 "Enabled: Yes"
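The grep pipeline above relies on every "Enabled:" line sitting directly after its "Name:" line, and `grep -B 1` also emits "--" group separators, so the list is awkward to feed into a password-rotation checklist. The following helper is an added example, not part of Dell's advisory: it pairs each "Enabled:" field with the most recent "Name:" field explicitly, and runs here on a constructed sample of `isi auth users list -v` output (the field order and extra fields in the sample are assumptions, not verified OneFS output).

```shell
#!/bin/sh
# Constructed sample of `isi auth users list --provider=lsa-file-provider:System -v`
# output. Assumption: each account is printed as a block of "Field: value" lines in
# which "Name:" precedes "Enabled:", as the advisory's grep pipeline implies. The
# other fields and the separator line are made up for illustration.
SAMPLE_OUTPUT='                    Name: admin
                     UID: 10
                 Enabled: Yes
--------------------------------------------------------------------------------
                    Name: compadmin
                     UID: 11
                 Enabled: No
--------------------------------------------------------------------------------
                    Name: ftp
                     UID: 14
                 Enabled: Yes
'

# enabled_accounts: read isi-style verbose output on stdin and print one account
# name per line for every account whose Enabled field is Yes. Each "Enabled:" line
# is matched to the last "Name:" seen, so intervening fields and separator lines
# do not break the pairing the way they can with `grep -B 1`.
enabled_accounts() {
    awk '
        /^[[:space:]]*Name:/ {
            sub(/^[[:space:]]*Name:[[:space:]]*/, ""); sub(/[[:space:]]+$/, "")
            name = $0
        }
        /^[[:space:]]*Enabled:/ {
            sub(/^[[:space:]]*Enabled:[[:space:]]*/, ""); sub(/[[:space:]]+$/, "")
            if ($0 == "Yes" && name != "") print name
        }
    '
}

# On a live cluster the helper would be fed by the real command (not run here):
#   isi auth users list --provider=lsa-file-provider:System -v | enabled_accounts
printf '%s' "$SAMPLE_OUTPUT" | enabled_accounts
```

Each printed name is an enabled System-zone file-provider account whose password the advisory recommends changing.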
Revision History
Revision | Date | Description
--- | --- | ---
1.0 | 2022-08-04 | Initial Release
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
04 Aug 2022