ID

VAR-202204-1074


CVE

CVE-2022-24428


TITLE

Improper Permission Preservation Vulnerability in Dell's EMC PowerScale OneFS

Trust: 0.8

sources: JVNDB: JVNDB-2022-007796

DESCRIPTION

Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure. Dell's EMC PowerScale OneFS contains an improper permissions retention vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2022-24428 // JVNDB: JVNDB-2022-007796 // VULHUB: VHN-414175

AFFECTED PRODUCTS

vendor: dell, model: emc powerscale onefs, scope: gte, version: 8.2.0

Trust: 1.0

vendor: dell, model: emc powerscale onefs, scope: lte, version: 9.3.0.0

Trust: 1.0

vendor: デル, model: emc powerscale onefs, scope: eq, version: 8.2.0 to 9.3.0.0

Trust: 0.8

vendor: デル, model: emc powerscale onefs, scope: eq, version: -

Trust: 0.8

vendor: デル, model: emc powerscale onefs, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-007796 // NVD: CVE-2022-24428

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-24428
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2022-24428
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-24428
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202204-2721
value: HIGH

Trust: 0.6

VULHUB: VHN-414175
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-24428
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-414175
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-24428
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2022-24428
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-24428
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-414175 // JVNDB: JVNDB-2022-007796 // CNNVD: CNNVD-202204-2721 // NVD: CVE-2022-24428 // NVD: CVE-2022-24428

PROBLEMTYPE DATA

problemtype: CWE-281

Trust: 1.1

problemtype: Improper retention of permissions (CWE-281) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-414175 // JVNDB: JVNDB-2022-007796 // NVD: CVE-2022-24428

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-2721

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-2721

PATCH

title: Dell Technologies Dell PowerScale OneFS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189460

Trust: 0.6

sources: CNNVD: CNNVD-202204-2721

EXTERNAL IDS

db: NVD, id: CVE-2022-24428

Trust: 3.3

db: JVNDB, id: JVNDB-2022-007796

Trust: 0.8

db: CNNVD, id: CNNVD-202204-2721

Trust: 0.6

db: VULHUB, id: VHN-414175

Trust: 0.1

sources: VULHUB: VHN-414175 // JVNDB: JVNDB-2022-007796 // CNNVD: CNNVD-202204-2721 // NVD: CVE-2022-24428

REFERENCES

url: https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2022-24428

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2022-24428/

Trust: 0.6

sources: VULHUB: VHN-414175 // JVNDB: JVNDB-2022-007796 // CNNVD: CNNVD-202204-2721 // NVD: CVE-2022-24428

SOURCES

db: VULHUB, id: VHN-414175
db: JVNDB, id: JVNDB-2022-007796
db: CNNVD, id: CNNVD-202204-2721
db: NVD, id: CVE-2022-24428

LAST UPDATE DATE

2024-11-23T21:58:27.398000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-414175, date: 2022-04-14T00:00:00
db: JVNDB, id: JVNDB-2022-007796, date: 2023-07-20T08:15:00
db: CNNVD, id: CNNVD-202204-2721, date: 2022-04-15T00:00:00
db: NVD, id: CVE-2022-24428, date: 2024-11-21T06:50:24.220

SOURCES RELEASE DATE

db: VULHUB, id: VHN-414175, date: 2022-04-08T00:00:00
db: JVNDB, id: JVNDB-2022-007796, date: 2023-07-20T00:00:00
db: CNNVD, id: CNNVD-202204-2721, date: 2022-04-08T00:00:00
db: NVD, id: CVE-2022-24428, date: 2022-04-08T20:15:09.557