Dell EMC PowerScale OneFS security bypass | CVE-2022-29098
NAME
Dell EMC PowerScale OneFS security bypass
- Platforms Affected:
Dell EMC PowerScale OneFS 9.0.0
Dell EMC PowerScale OneFS 8.2.0
Dell EMC PowerScale OneFS 8.8.0
Dell EMC PowerScale OneFS 8.2.2
Dell EMC PowerScale OneFS 9.1.0
Dell EMC PowerScale OneFS 9.2.0
Dell EMC PowerScale OneFS 9.2.1
Dell EMC PowerScale OneFS 9.1.1
Dell EMC PowerScale OneFS 9.3.0
- Risk Level:
8.1
- Exploitability:
Unproven
- Consequences:
Bypass Security
DESCRIPTION
Dell EMC PowerScale OneFS could allow a remote attacker to bypass security restrictions because of weak password requirements. By exploiting this vulnerability, an attacker could create an account without a password being required, leading to user account compromise.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: High
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to Dell DSA Identifier: DSA-2022-082 for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://www.dell.com/support/kbdoc/en-us/000200128/dsa-2022-082-dell-emc-powerscale-onefs-security-update?lang=en
- Reference Link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29098