Details of VAR-202206-1979

ID

VAR-202206-1979

CVE

CVE-2022-29097

TITLE

Dell's Dell Wyse Management Suite Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-012513

DESCRIPTION

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. Dell's Dell Wyse Management Suite Exists in a past traversal vulnerability.Information may be obtained

Trust: 1.8

sources: NVD: CVE-2022-29097 // JVNDB: JVNDB-2022-012513 // VULHUB: VHN-420631 // VULMON: CVE-2022-29097

AFFECTED PRODUCTS

vendor:	dell	model:	wyse management suite	scope:	lte	version:	3.6.1	Trust: 1.0
vendor:	デル	model:	dell wyse management suite	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	dell wyse management suite	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	dell wyse management suite	scope:	lte	version:	3.6.1 and earlier	Trust: 0.8

sources: JVNDB: JVNDB-2022-012513 // NVD: CVE-2022-29097

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-29097
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2022-29097
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-29097
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202206-2484
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-420631
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-29097
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-29097
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-420631
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-29097
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2022-29097
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-420631 // VULMON: CVE-2022-29097 // JVNDB: JVNDB-2022-012513 // CNNVD: CNNVD-202206-2484 // NVD: CVE-2022-29097 // NVD: CVE-2022-29097

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.1
problemtype:	CWE-23	Trust: 1.0
problemtype:	Path traversal (CWE-22) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-420631 // JVNDB: JVNDB-2022-012513 // NVD: CVE-2022-29097

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-2484

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202206-2484

PATCH

title:

Dell WMS Repair measures for path traversal vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198898

Trust: 0.6

sources: CNNVD: CNNVD-202206-2484

EXTERNAL IDS

db:	NVD	id:	CVE-2022-29097	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-012513	Trust: 0.8
db:	CNNVD	id:	CNNVD-202206-2484	Trust: 0.6
db:	VULHUB	id:	VHN-420631	Trust: 0.1
db:	VULMON	id:	CVE-2022-29097	Trust: 0.1

sources: VULHUB: VHN-420631 // VULMON: CVE-2022-29097 // JVNDB: JVNDB-2022-012513 // CNNVD: CNNVD-202206-2484 // NVD: CVE-2022-29097

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000200215/dsa-2022-143-dell-wyse-management-suite-security-update-for-multiple-vulnerabilities	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29097	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-29097/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-420631 // VULMON: CVE-2022-29097 // JVNDB: JVNDB-2022-012513 // CNNVD: CNNVD-202206-2484 // NVD: CVE-2022-29097

SOURCES

db:	VULHUB	id:	VHN-420631
db:	VULMON	id:	CVE-2022-29097
db:	JVNDB	id:	JVNDB-2022-012513
db:	CNNVD	id:	CNNVD-202206-2484
db:	NVD	id:	CVE-2022-29097

LAST UPDATE DATE

2024-08-14T14:43:51.860000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-420631	date:	2022-07-06T00:00:00
db:	VULMON	id:	CVE-2022-29097	date:	2022-07-06T00:00:00
db:	JVNDB	id:	JVNDB-2022-012513	date:	2023-08-30T08:19:00
db:	CNNVD	id:	CNNVD-202206-2484	date:	2022-07-07T00:00:00
db:	NVD	id:	CVE-2022-29097	date:	2022-07-06T14:50:20.827

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-420631	date:	2022-06-24T00:00:00
db:	VULMON	id:	CVE-2022-29097	date:	2022-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2022-012513	date:	2023-08-30T00:00:00
db:	CNNVD	id:	CNNVD-202206-2484	date:	2022-06-24T00:00:00
db:	NVD	id:	CVE-2022-29097	date:	2022-06-24T17:15:08.700