PT-2022-6159 · Dell · Dell Geodrive
Published
2022-09-22
·
Updated
2022-10-14
·
CVE-2022-33937
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Dell GeoDrive versions 1.0 through 2.2
Description
The issue is a path traversal vulnerability in the reporting function of Dell GeoDrive. A local, low-privileged attacker could gain unauthorized delete access to files on the server filesystem with the privileges of the GeoDrive service, which runs as NT AUTHORITY\SYSTEM. The vulnerability exists because the path name is not correctly restricted to a directory with limited access, so a caller-supplied name can select and delete files outside that directory.
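The defect class described above, as an added example that is not Dell's or GeoDrive's code: a deletion path built from a caller-controlled report name without any containment check (the vulnerable pattern) beside a hardened resolver that canonicalizes the path and verifies it stays under the report directory before the delete runs. The function names and the `/srv/geodrive/reports` root are constructed for the example.

```python
"""Vulnerable vs. hardened path handling for a report-deletion routine.

Added example; hypothetical names, not Dell GeoDrive code.
"""
import os

# Constructed value: the only directory the reporting function may touch.
REPORT_ROOT = "/srv/geodrive/reports"


def unsafe_report_path(root: str, requested: str) -> str:
    """Vulnerable pattern: the caller-controlled name is joined to the root
    and used as-is, so a value such as '../../etc/passwd' (or an absolute
    path, which makes os.path.join discard the root) leaves the directory."""
    return os.path.join(root, requested)


def resolve_report_path(root: str, requested: str) -> str:
    """Return the canonical path of a report inside root, or raise ValueError.

    The containment test runs on the fully resolved path (normalized,
    symlinks followed) rather than on the raw string, so '..' segments,
    absolute paths and symlink hops are all caught by the same comparison.
    """
    if not requested or "\x00" in requested:
        raise ValueError("empty or malformed report name")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, requested))
    # commonpath also raises ValueError for mixed absolute/relative input
    # or, on Windows, for paths on different drives.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError(f"report path escapes {root_real}: {requested!r}")
    if candidate == root_real:
        raise ValueError("report name resolves to the report directory itself")
    return candidate


def report_path_is_safe(root: str, requested: str) -> bool:
    """Boolean view of resolve_report_path for callers that only need a verdict."""
    try:
        resolve_report_path(root, requested)
        return True
    except ValueError:
        return False


def delete_report(requested: str, root: str = REPORT_ROOT) -> str:
    """Delete one report after containment is verified; returns the path used.

    This code runs with the service's privileges, which is exactly why the
    caller-supplied name must never select a path outside root.
    """
    target = resolve_report_path(root, requested)
    if os.path.isfile(target):
        os.remove(target)
    return target
```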
Recommendations
For Dell GeoDrive versions 1.0 through 2.2, consider restricting access to the reporting function until a patch is available.
As a temporary workaround, limit the privileges of the GeoDrive service to minimize potential damage from exploitation.
Avoid using the vulnerable reporting function in Dell GeoDrive until the issue is resolved.
Fix
Path traversal
Relative Path Traversal
Related Identifiers
Affected Products
Dell Geodrive