Details of VAR-202206-2084

ID

VAR-202206-2084

CVE

CVE-2022-31230

TITLE

Dell's powerscale onefs Vulnerability in using cryptographic algorithms in

Trust: 0.8

sources: JVNDB: JVNDB-2022-012648

DESCRIPTION

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access. Dell's powerscale onefs Exists in the use of cryptographic algorithms.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-31230 // JVNDB: JVNDB-2022-012648 // VULHUB: VHN-422926 // VULMON: CVE-2022-31230

AFFECTED PRODUCTS

vendor:	dell	model:	powerscale onefs	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	dell	model:	powerscale onefs	scope:	lt	version:	9.3.0	Trust: 1.0
vendor:	デル	model:	powerscale onefs	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	powerscale onefs	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	powerscale onefs	scope:	eq	version:	8.2.0 that's all 9.3.0	Trust: 0.8

sources: JVNDB: JVNDB-2022-012648 // NVD: CVE-2022-31230

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-31230
value:	CRITICAL
Trust: 1.0
security_alert@emc.com:	CVE-2022-31230
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-31230
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202206-2733
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-422926
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-31230
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-31230
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-422926
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-31230
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-31230
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-31230
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-422926 // VULMON: CVE-2022-31230 // JVNDB: JVNDB-2022-012648 // CNNVD: CNNVD-202206-2733 // NVD: CVE-2022-31230 // NVD: CVE-2022-31230

PROBLEMTYPE DATA

problemtype:	CWE-327	Trust: 1.1
problemtype:	Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-422926 // JVNDB: JVNDB-2022-012648 // NVD: CVE-2022-31230

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-2733

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202206-2733

PATCH

title:

Dell PowerScale OneFS Fixes for encryption problem vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=199414

Trust: 0.6

sources: CNNVD: CNNVD-202206-2733

EXTERNAL IDS

db:	NVD	id:	CVE-2022-31230	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-012648	Trust: 0.8
db:	CNNVD	id:	CNNVD-202206-2733	Trust: 0.6
db:	VULHUB	id:	VHN-422926	Trust: 0.1
db:	VULMON	id:	CVE-2022-31230	Trust: 0.1

sources: VULHUB: VHN-422926 // VULMON: CVE-2022-31230 // JVNDB: JVNDB-2022-012648 // CNNVD: CNNVD-202206-2733 // NVD: CVE-2022-31230

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000200681/dsa-2022-118-dell-emc-powerscale-onefs-security-update	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-31230	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-31230/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/327.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-422926 // VULMON: CVE-2022-31230 // JVNDB: JVNDB-2022-012648 // CNNVD: CNNVD-202206-2733 // NVD: CVE-2022-31230

SOURCES

db:	VULHUB	id:	VHN-422926
db:	VULMON	id:	CVE-2022-31230
db:	JVNDB	id:	JVNDB-2022-012648
db:	CNNVD	id:	CNNVD-202206-2733
db:	NVD	id:	CVE-2022-31230

LAST UPDATE DATE

2024-08-14T15:00:55.491000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-422926	date:	2022-07-11T00:00:00
db:	VULMON	id:	CVE-2022-31230	date:	2022-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2022-012648	date:	2023-08-31T08:31:00
db:	CNNVD	id:	CNNVD-202206-2733	date:	2022-07-12T00:00:00
db:	NVD	id:	CVE-2022-31230	date:	2022-07-11T15:50:28.217

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-422926	date:	2022-06-28T00:00:00
db:	VULMON	id:	CVE-2022-31230	date:	2022-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2022-012648	date:	2023-08-31T00:00:00
db:	CNNVD	id:	CNNVD-202206-2733	date:	2022-06-28T00:00:00
db:	NVD	id:	CVE-2022-31230	date:	2022-06-28T19:15:09.547