CVE-2022-45099

Name of the Vulnerable Software and Affected Versions Dell PowerScale OneFS versions 8.2.x through 9.4.x

Description The issue is related to a weak encoding for a NDMP password in Dell PowerScale OneFS. A malicious and privileged local attacker could potentially exploit this, leading to a full system compromise. The vulnerability is associated with weak cryptography of the NDMP password, which may allow an attacker to gain full control over the system.

Recommendations For versions 8.2.x through 9.4.x, consider disabling the NDMP password feature until a patch is available to prevent potential exploitation. Restrict access to privileged local accounts to minimize the risk of exploitation. Avoid using weak passwords for NDMP to reduce the risk of compromise. At the moment, there is no information about a newer version that contains a fix for this vulnerability.