PT-2022-22149 · Dell · Dell PowerScale OneFS
Published: 2022-09-02 · Updated: 2023-08-08 · CVE-2022-34371
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.19
Dell PowerScale OneFS version 9.2.1.12
Dell PowerScale OneFS version 9.3.0.6
Dell PowerScale OneFS version 9.4.0.3
Description
The affected versions transport credentials without protection. A malicious unprivileged network attacker could exploit this, potentially leading to full system compromise.
Recommendations
For versions 9.0.0 up to and including 9.1.0.19, consider applying a patch or configuration change to protect credential transport.
For version 9.2.1.12, consider applying a patch or configuration change to protect credential transport.
For version 9.3.0.6, consider applying a patch or configuration change to protect credential transport.
For version 9.4.0.3, consider applying a patch or configuration change to protect credential transport.
As a temporary workaround, consider restricting network access to minimize the risk of exploitation.
Weakness Enumeration
Insufficiently Protected Credentials
Affected Products
Dell PowerScale OneFS