Headline
CVE-2022-34427: DSA-2022-259: Dell Container Storage Modules Security Update for Multiple Vulnerabilities
Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of intended OS command execution.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| --- | --- | --- | --- |
| CVE-2022-34427 | Dell Container Storage Modules 1.3 contains an operating system command injection in gofsutil library. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to run arbitrary operating system commands on the affected system. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34426 | Dell Container Storage Modules 1.3 contains a path traversal vulnerability in gofsutil library. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability leading to unintentional access to a path outside of restricted directory. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Dell Technologies recommends that all customers take into account both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of a particular security vulnerability.
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Updated Version | Link to Update |
| --- | --- | --- | --- | --- |
| CVE-2022-34427, CVE-2022-34426 | Dell Container Storage Modules | Versions 1.9 and earlier | 1.10.0 | https://github.com/dell/gofsutil |
Revision History
| Revision | Date | Description |
| --- | --- | --- |
| 1.0 | 2022-09-15 | Initial Release |
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
15 Sep 2022