CVE-2022-45095

Name of the Vulnerable Software and Affected Versions Dell PowerScale OneFS versions 8.2.x through 9.4.x

Description The issue is related to a command injection vulnerability. An authenticated user with access to the local shell and the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to the execution of arbitrary commands, denial of service, information disclosure, and data deletion. The vulnerability is associated with a lack of input data sanitization, which could allow an attacker to execute arbitrary commands, disclose protected information, or cause a denial of service.

Recommendations For Dell PowerScale OneFS versions 8.2.x through 9.4.x, consider disabling local shell access and restricting privileges to gather logs from the cluster until a patch is available. As a temporary workaround, restrict access to sensitive areas of the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.