Details of VAR-202210-1534

ID

VAR-202210-1534

CVE

CVE-2022-34438

TITLE

Dell PowerScale OneFS Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202210-1601

DESCRIPTION

Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters. Dell PowerScale OneFS is an operating system of Dell (Dell). Offers the PowerScale OneFS operating system for scale-out NAS. An attacker exploits this vulnerability to cause damage to the entire system

Trust: 0.99

sources: NVD: CVE-2022-34438 // VULHUB: VHN-426754

AFFECTED PRODUCTS

vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.2.1.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	lte	version:	9.1.0.22	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.1.0.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	lte	version:	9.3.0.7	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.3.0.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	lte	version:	9.4.0.5	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	lte	version:	9.2.1.15	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.4.0.0	Trust: 1.0

sources: NVD: CVE-2022-34438

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34438
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2022-34438
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202210-1601
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-34438
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: CNNVD: CNNVD-202210-1601 // NVD: CVE-2022-34438 // NVD: CVE-2022-34438

PROBLEMTYPE DATA

problemtype:

CWE-269

Trust: 1.1

sources: VULHUB: VHN-426754 // NVD: CVE-2022-34438

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1601

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-1601

PATCH

title:

Dell PowerScale OneFS Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=211859

Trust: 0.6

sources: CNNVD: CNNVD-202210-1601

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34438	Trust: 1.7
db:	CNNVD	id:	CNNVD-202210-1601	Trust: 0.7
db:	VULHUB	id:	VHN-426754	Trust: 0.1

sources: VULHUB: VHN-426754 // CNNVD: CNNVD-202210-1601 // NVD: CVE-2022-34438

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000204053/dsa-2022-245-dell-emc-powerscale-onefs-security-update-for-multiple-security-updates	Trust: 1.7
url:	https://cxsecurity.com/cveshow/cve-2022-34438/	Trust: 0.6

sources: VULHUB: VHN-426754 // CNNVD: CNNVD-202210-1601 // NVD: CVE-2022-34438

SOURCES

db:	VULHUB	id:	VHN-426754
db:	CNNVD	id:	CNNVD-202210-1601
db:	NVD	id:	CVE-2022-34438

LAST UPDATE DATE

2024-08-14T13:21:35.452000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-426754	date:	2022-10-24T00:00:00
db:	CNNVD	id:	CNNVD-202210-1601	date:	2022-10-25T00:00:00
db:	NVD	id:	CVE-2022-34438	date:	2022-10-24T15:41:06.130

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-426754	date:	2022-10-21T00:00:00
db:	CNNVD	id:	CNNVD-202210-1601	date:	2022-10-21T00:00:00
db:	NVD	id:	CVE-2022-34438	date:	2022-10-21T18:15:09.970