CVE-2022-29098

Name of the Vulnerable Software and Affected Versions Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x

Description The issue is related to a weak password requirement, allowing an administrator to create an account with no password. A remote attacker may potentially exploit this, leading to a user account compromise. This could result in privilege escalation.

Recommendations For Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, ensure that all user accounts have strong passwords set. As a temporary workaround, consider restricting access to user account creation until a patch is available. Additionally, limit privileges for newly created accounts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.