Headline
CVE-2022-34372: DSA-2022-196: Dell Cyber Recovery Security Update for Multiple Vulnerabilities
Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality.
Impact
Critical
Details
| Proprietary Code CVE | Description | CVSS Base score | CVSS Vector String |
| --- | --- | --- | --- |
| CVE-2022-34372 | Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Dell Technologies recommends that all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products and Remediation
| Product | Affected Versions | Updated Versions | Link to update |
| --- | --- | --- | --- |
| Cyber Recovery | Versions before 19.11.0.2 | 19.11.0.2 | Cyber Recovery Downloads |
Note: Third-party vulnerabilities pertain to Golang packages and Cyber Recovery Docker containers. The proprietary vulnerability pertains to Cyber Recovery software on the management host.
Revision History
| Revision | Date | Description |
| --- | --- | --- |
| 1.0 | 2022-08-01 | Initial Release |
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
01 Aug 2022