Headline
CVE-2022-32481: DSA-2022-163: Dell EMC Cyber Recovery Security Update for Multiple Vulnerabilities
Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover.
Impact
Critical
Details
| Proprietary Code CVE | Description | CVSS Base score | CVSS Vector String |
| --- | --- | --- | --- |
| CVE-2022-32481 | Dell PowerProtect Cyber Recovery, versions before 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user may chain docker commands to escalate privileges to root leading to complete system takeover. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Dell Technologies recommends that all customers consider both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of a particular security vulnerability.
Affected Products and Remediation
| Product | Affected Versions | Updated Versions | Link to update |
| --- | --- | --- | --- |
| Cyber Recovery | Versions before 19.11 | 19.11 | Cyber Recovery Downloads |
Note: These vulnerabilities pertain to third-party Golang packages and Cyber Recovery Docker containers and not the management host itself.
Revision History
| Revision | Date | Description |
| --- | --- | --- |
| 1.0 | 2022-07-05 | Initial Release |
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
05 Jul 2022