Details of VAR-202210-1778

ID

VAR-202210-1778

CVE

CVE-2022-34439

TITLE

Dell PowerScale OneFS Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202210-1599

DESCRIPTION

Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issue on that node. Dell PowerScale OneFS is an operating system of Dell (Dell). Offers the PowerScale OneFS operating system for scale-out NAS

Trust: 0.99

sources: NVD: CVE-2022-34439 // VULHUB: VHN-426755

AFFECTED PRODUCTS

vendor:	dell	model:	emc powerscale onefs	scope:	lte	version:	9.1.0.22	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.1.0.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	lte	version:	9.2.1.16	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.3.0.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	lte	version:	9.3.0.7	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	lte	version:	9.4.0.5	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.2.1.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.4.0.0	Trust: 1.0

sources: NVD: CVE-2022-34439

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34439
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2022-34439
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202210-1599
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-34439
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-34439
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNNVD: CNNVD-202210-1599 // NVD: CVE-2022-34439 // NVD: CVE-2022-34439

PROBLEMTYPE DATA

problemtype:

CWE-770

Trust: 1.1

sources: VULHUB: VHN-426755 // NVD: CVE-2022-34439

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-1599

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-1599

PATCH

title:

Dell PowerScale OneFS Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=211858

Trust: 0.6

sources: CNNVD: CNNVD-202210-1599

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34439	Trust: 1.7
db:	CNNVD	id:	CNNVD-202210-1599	Trust: 0.7
db:	VULHUB	id:	VHN-426755	Trust: 0.1

sources: VULHUB: VHN-426755 // CNNVD: CNNVD-202210-1599 // NVD: CVE-2022-34439

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000204053/dsa-2022-245-dell-emc-powerscale-onefs-security-update-for-multiple-security-updates	Trust: 1.7
url:	https://cxsecurity.com/cveshow/cve-2022-34439/	Trust: 0.6

sources: VULHUB: VHN-426755 // CNNVD: CNNVD-202210-1599 // NVD: CVE-2022-34439

SOURCES

db:	VULHUB	id:	VHN-426755
db:	CNNVD	id:	CNNVD-202210-1599
db:	NVD	id:	CVE-2022-34439

LAST UPDATE DATE

2024-08-14T14:10:30.774000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-426755	date:	2022-10-24T00:00:00
db:	CNNVD	id:	CNNVD-202210-1599	date:	2022-10-25T00:00:00
db:	NVD	id:	CVE-2022-34439	date:	2022-10-24T15:30:18.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-426755	date:	2022-10-21T00:00:00
db:	CNNVD	id:	CNNVD-202210-1599	date:	2022-10-21T00:00:00
db:	NVD	id:	CVE-2022-34439	date:	2022-10-21T18:15:10.030