ID

VAR-202209-0115


CVE

CVE-2022-34371


TITLE

Dell's  emc powerscale onefs  Vulnerability regarding insufficient protection of authentication information in

Trust: 0.8

sources: JVNDB: JVNDB-2022-016353

DESCRIPTION

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. Dell's emc powerscale onefs There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell PowerScale OneFS is an operating system of Dell (Dell). Offers the PowerScale OneFS operating system for scale-out NAS

Trust: 1.8

sources: NVD: CVE-2022-34371 // JVNDB: JVNDB-2022-016353 // VULHUB: VHN-426687 // VULMON: CVE-2022-34371

AFFECTED PRODUCTS

vendor:dellmodel:emc powerscale onefsscope:lteversion:9.3.0.6

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:lteversion:9.1.0.19

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:gteversion:9.1.0.0

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:lteversion:9.4.0.3

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:gteversion:9.3.0.0

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:gteversion:9.2.1.0

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:lteversion:9.2.1.12

Trust: 1.0

vendor:dellmodel:emc powerscale onefsscope:gteversion:9.4.0.0

Trust: 1.0

vendor:デルmodel:emc powerscale onefsscope:eqversion: -

Trust: 0.8

vendor:デルmodel:emc powerscale onefsscope:eqversion:9.3.0.0 to 9.3.0.6

Trust: 0.8

vendor:デルmodel:emc powerscale onefsscope:eqversion:9.2.1.0 to 9.2.1.12

Trust: 0.8

vendor:デルmodel:emc powerscale onefsscope:eqversion:9.1.0.0 to 9.1.0.19

Trust: 0.8

vendor:デルmodel:emc powerscale onefsscope: - version: -

Trust: 0.8

vendor:デルmodel:emc powerscale onefsscope:eqversion:9.4.0.0 to 9.4.0.3

Trust: 0.8

sources: JVNDB: JVNDB-2022-016353 // NVD: CVE-2022-34371

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-34371
value: CRITICAL

Trust: 1.0

security_alert@emc.com: CVE-2022-34371
value: HIGH

Trust: 1.0

NVD: CVE-2022-34371
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202209-124
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-34371
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2022-34371
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-34371
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-016353 // CNNVD: CNNVD-202209-124 // NVD: CVE-2022-34371 // NVD: CVE-2022-34371

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.0

problemtype:Inadequate protection of credentials (CWE-522) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-319

Trust: 0.1

sources: VULHUB: VHN-426687 // JVNDB: JVNDB-2022-016353 // NVD: CVE-2022-34371

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-124

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-124

PATCH

title:Dell PowerScale OneFS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206952

Trust: 0.6

sources: CNNVD: CNNVD-202209-124

EXTERNAL IDS

db:NVDid:CVE-2022-34371

Trust: 3.4

db:JVNDBid:JVNDB-2022-016353

Trust: 0.8

db:CNNVDid:CNNVD-202209-124

Trust: 0.7

db:VULHUBid:VHN-426687

Trust: 0.1

db:VULMONid:CVE-2022-34371

Trust: 0.1

sources: VULHUB: VHN-426687 // VULMON: CVE-2022-34371 // JVNDB: JVNDB-2022-016353 // CNNVD: CNNVD-202209-124 // NVD: CVE-2022-34371

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000202171/dsa-2022-172-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-34371

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-34371/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-426687 // VULMON: CVE-2022-34371 // JVNDB: JVNDB-2022-016353 // CNNVD: CNNVD-202209-124 // NVD: CVE-2022-34371

SOURCES

db:VULHUBid:VHN-426687
db:VULMONid:CVE-2022-34371
db:JVNDBid:JVNDB-2022-016353
db:CNNVDid:CNNVD-202209-124
db:NVDid:CVE-2022-34371

LAST UPDATE DATE

2024-08-14T14:02:23.479000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-426687date:2022-09-08T00:00:00
db:VULMONid:CVE-2022-34371date:2022-09-03T00:00:00
db:JVNDBid:JVNDB-2022-016353date:2023-10-03T08:09:00
db:CNNVDid:CNNVD-202209-124date:2022-09-09T00:00:00
db:NVDid:CVE-2022-34371date:2023-08-08T14:21:49.707

SOURCES RELEASE DATE

db:VULHUBid:VHN-426687date:2022-09-02T00:00:00
db:VULMONid:CVE-2022-34371date:2022-09-02T00:00:00
db:JVNDBid:JVNDB-2022-016353date:2023-10-03T00:00:00
db:CNNVDid:CNNVD-202209-124date:2022-09-02T00:00:00
db:NVDid:CVE-2022-34371date:2022-09-02T18:15:11.953