Details of VAR-202302-0437

ID

VAR-202302-0437

CVE

CVE-2022-45095

TITLE

Dell PowerScale OneFS Command injection vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-012305

DESCRIPTION

Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data deletion. Dell PowerScale OneFS Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-45095 // JVNDB: JVNDB-2022-012305 // VULHUB: VHN-442690 // VULMON: CVE-2022-45095

AFFECTED PRODUCTS

vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.4.0.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.1.0.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	lt	version:	9.4.0.9	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.2.1.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	lt	version:	9.2.1.18	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	lt	version:	9.1.0.25	Trust: 1.0
vendor:	デル	model:	emc powerscale onefs	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	emc powerscale onefs	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-012305 // NVD: CVE-2022-45095

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-45095
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2022-45095
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2022-012305
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202302-009
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-45095
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2022-012305
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-012305 // CNNVD: CNNVD-202302-009 // NVD: CVE-2022-45095 // NVD: CVE-2022-45095

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.1
problemtype:	Command injection (CWE-77) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-442690 // JVNDB: JVNDB-2022-012305 // NVD: CVE-2022-45095

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-009

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202302-009

PATCH

title:	DSA-2022-295	url:	https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities	Trust: 0.8
title:	Dell PowerScale OneFS Fixes for command injection vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=224363	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2022-45095	Trust: 0.1

sources: VULMON: CVE-2022-45095 // JVNDB: JVNDB-2022-012305 // CNNVD: CNNVD-202302-009

EXTERNAL IDS

db:	NVD	id:	CVE-2022-45095	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-012305	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-009	Trust: 0.6
db:	VULHUB	id:	VHN-442690	Trust: 0.1
db:	VULMON	id:	CVE-2022-45095	Trust: 0.1

sources: VULHUB: VHN-442690 // VULMON: CVE-2022-45095 // JVNDB: JVNDB-2022-012305 // CNNVD: CNNVD-202302-009 // NVD: CVE-2022-45095

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-45095	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-45095/	Trust: 0.6
url:	https://github.com/live-hack-cve/cve-2022-45095	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-442690 // VULMON: CVE-2022-45095 // JVNDB: JVNDB-2022-012305 // CNNVD: CNNVD-202302-009 // NVD: CVE-2022-45095

SOURCES

db:	VULHUB	id:	VHN-442690
db:	VULMON	id:	CVE-2022-45095
db:	JVNDB	id:	JVNDB-2022-012305
db:	CNNVD	id:	CNNVD-202302-009
db:	NVD	id:	CVE-2022-45095

LAST UPDATE DATE

2024-08-14T15:42:00.441000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-442690	date:	2023-02-08T00:00:00
db:	VULMON	id:	CVE-2022-45095	date:	2023-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2022-012305	date:	2023-08-29T03:27:00
db:	CNNVD	id:	CNNVD-202302-009	date:	2023-02-09T00:00:00
db:	NVD	id:	CVE-2022-45095	date:	2023-11-07T03:54:33.187

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-442690	date:	2023-02-01T00:00:00
db:	VULMON	id:	CVE-2022-45095	date:	2023-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2022-012305	date:	2023-08-29T00:00:00
db:	CNNVD	id:	CNNVD-202302-009	date:	2023-02-01T00:00:00
db:	NVD	id:	CVE-2022-45095	date:	2023-02-01T05:15:12.630