Details of VAR-202204-1402

ID

VAR-202204-1402

CVE

CVE-2022-26854

TITLE

Dell's EMC PowerScale OneFS Vulnerability in using cryptographic algorithms in

Trust: 0.8

sources: JVNDB: JVNDB-2022-007765

DESCRIPTION

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access. Dell's EMC PowerScale OneFS Exists in the use of cryptographic algorithms.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-26854 // JVNDB: JVNDB-2022-007765 // VULHUB: VHN-417509

AFFECTED PRODUCTS

vendor:	dell	model:	emc powerscale onefs	scope:	lte	version:	9.2.1.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	デル	model:	emc powerscale onefs	scope:	eq	version:	8.2.0 to 9.2.1.0	Trust: 0.8
vendor:	デル	model:	emc powerscale onefs	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	emc powerscale onefs	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-007765 // NVD: CVE-2022-26854

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26854
value:	CRITICAL
Trust: 1.0
security_alert@emc.com:	CVE-2022-26854
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-26854
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202204-2719
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-417509
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-26854
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-417509
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-26854
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-26854
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-26854
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-417509 // JVNDB: JVNDB-2022-007765 // CNNVD: CNNVD-202204-2719 // NVD: CVE-2022-26854 // NVD: CVE-2022-26854

PROBLEMTYPE DATA

problemtype:	CWE-327	Trust: 1.1
problemtype:	Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-417509 // JVNDB: JVNDB-2022-007765 // NVD: CVE-2022-26854

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-2719

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202204-2719

PATCH

title:

Dell Technologies Dell PowerScale OneFS Fixes for encryption problem vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189459

Trust: 0.6

sources: CNNVD: CNNVD-202204-2719

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26854	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-007765	Trust: 0.8
db:	CNNVD	id:	CNNVD-202204-2719	Trust: 0.6
db:	VULHUB	id:	VHN-417509	Trust: 0.1

sources: VULHUB: VHN-417509 // JVNDB: JVNDB-2022-007765 // CNNVD: CNNVD-202204-2719 // NVD: CVE-2022-26854

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26854	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-26854/	Trust: 0.6

sources: VULHUB: VHN-417509 // JVNDB: JVNDB-2022-007765 // CNNVD: CNNVD-202204-2719 // NVD: CVE-2022-26854

SOURCES

db:	VULHUB	id:	VHN-417509
db:	JVNDB	id:	JVNDB-2022-007765
db:	CNNVD	id:	CNNVD-202204-2719
db:	NVD	id:	CVE-2022-26854

LAST UPDATE DATE

2024-11-23T22:40:29.711000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-417509	date:	2022-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2022-007765	date:	2023-07-20T08:14:00
db:	CNNVD	id:	CNNVD-202204-2719	date:	2022-04-15T00:00:00
db:	NVD	id:	CVE-2022-26854	date:	2024-11-21T06:54:39.017

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-417509	date:	2022-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-007765	date:	2023-07-20T00:00:00
db:	CNNVD	id:	CNNVD-202204-2719	date:	2022-04-08T00:00:00
db:	NVD	id:	CVE-2022-26854	date:	2022-04-08T20:15:09.920