cvelistv5 - cve-2022-34445

CVE-2022-34445 (GCVE-0-2022-34445)

Vulnerability from cvelistv5 – Published: 2023-02-10 20:41 – Updated: 2025-03-26 15:14

Summary

Severity ?

6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-261 - Weak Encoding for Password

Assigner

dell

References

URL

Tags

https://www.dell.com/support/kbdoc/en-us/00020561…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Dell	PowerScale OneFS	Affected: 8.2.x , ≤ 9.3.x (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:15:15.136Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-34445",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-24T14:34:05.753105Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-26T15:14:49.440Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerScale OneFS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThanOrEqual": "9.3.x",
              "status": "affected",
              "version": "8.2.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-11-21T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eDell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.\u003c/div\u003e\u003c/div\u003e\n\n"
            }
          ],
          "value": "\nDell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.\n\n\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-261",
              "description": "CWE-261: Weak Encoding for Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-10T20:41:15.512Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-34445",
    "datePublished": "2023-02-10T20:41:15.512Z",
    "dateReserved": "2022-06-23T18:55:17.130Z",
    "dateUpdated": "2025-03-26T15:14:49.440Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:powerscale_onefs:8.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"970B8ACA-30D2-47D6-9085-43A68849A72A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:powerscale_onefs:8.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E04CBA2-7632-4919-85BF-C1D79757F318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:powerscale_onefs:8.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06C0C848-CE4B-4B66-A488-9F74AC8441B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:powerscale_onefs:9.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30687628-5C7F-4BB5-B990-93703294FDF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:powerscale_onefs:9.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68291D44-DBE1-4923-A848-04E64288DC23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:powerscale_onefs:9.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCC55FA4-AD91-4DA6-B60E-A4E34DDAE95A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:powerscale_onefs:9.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B948CD53-3D17-4230-9B77-FCE8E0E548B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:powerscale_onefs:9.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AB99A1A-8DD3-4DDE-B70C-0E91D1D3B682\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dell:powerscale_onefs:9.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61F14753-D64C-4E8B-AA94-07E014848B4D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"\\nDell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.\\n\\n\\n\\n\\n\\n\"}]",
      "id": "CVE-2022-34445",
      "lastModified": "2024-11-21T07:09:34.933",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 6.0, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.5, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 4.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 3.6}]}",
      "published": "2023-02-11T01:23:24.697",
      "references": "[{\"url\": \"https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-261\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-522\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-34445\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2023-02-11T01:23:24.697\",\"lastModified\":\"2024-11-21T07:09:34.933\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nDell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.\\n\\n\\n\\n\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.5,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-261\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:powerscale_onefs:8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"970B8ACA-30D2-47D6-9085-43A68849A72A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:powerscale_onefs:8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E04CBA2-7632-4919-85BF-C1D79757F318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:powerscale_onefs:8.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06C0C848-CE4B-4B66-A488-9F74AC8441B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:powerscale_onefs:9.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30687628-5C7F-4BB5-B990-93703294FDF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:powerscale_onefs:9.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68291D44-DBE1-4923-A848-04E64288DC23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:powerscale_onefs:9.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCC55FA4-AD91-4DA6-B60E-A4E34DDAE95A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:powerscale_onefs:9.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B948CD53-3D17-4230-9B77-FCE8E0E548B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:powerscale_onefs:9.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AB99A1A-8DD3-4DDE-B70C-0E91D1D3B682\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:powerscale_onefs:9.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61F14753-D64C-4E8B-AA94-07E014848B4D\"}]}]}],\"references\":[{\"url\":\"https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T09:15:15.136Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-34445\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-24T14:34:05.753105Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-24T14:34:45.923Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Dell\", \"product\": \"PowerScale OneFS\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.2.x\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.3.x\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2022-11-21T17:00:00.000Z\", \"references\": [{\"url\": \"https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nDell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.\\n\\n\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cdiv\u003e\u003cdiv\u003eDell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.\u003c/div\u003e\u003c/div\u003e\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-261\", \"description\": \"CWE-261: Weak Encoding for Password\"}]}], \"providerMetadata\": {\"orgId\": \"c550e75a-17ff-4988-97f0-544cde3820fe\", \"shortName\": \"dell\", \"dateUpdated\": \"2023-02-10T20:41:15.512Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-34445\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-26T15:14:49.440Z\", \"dateReserved\": \"2022-06-23T18:55:17.130Z\", \"assignerOrgId\": \"c550e75a-17ff-4988-97f0-544cde3820fe\", \"datePublished\": \"2023-02-10T20:41:15.512Z\", \"assignerShortName\": \"dell\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

VAR-202302-0761

Vulnerability from variot - Updated: 2023-12-18 13:00

Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure. Dell PowerScale OneFS There are vulnerabilities in inadequate protection of credentials.Information may be obtained

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202302-0761",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "powerscale onefs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "9.2.1"
      },
      {
        "model": "powerscale onefs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "9.0.0"
      },
      {
        "model": "powerscale onefs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "9.1.1"
      },
      {
        "model": "powerscale onefs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "8.2.2"
      },
      {
        "model": "powerscale onefs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "9.3.0"
      },
      {
        "model": "powerscale onefs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "9.2.0"
      },
      {
        "model": "powerscale onefs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "9.1.0"
      },
      {
        "model": "powerscale onefs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "8.2.0"
      },
      {
        "model": "powerscale onefs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "8.2.1"
      },
      {
        "model": "powerscale onefs",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30c7\u30eb",
        "version": null
      },
      {
        "model": "powerscale onefs",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30c7\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013902"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-34445"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:powerscale_onefs:9.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:powerscale_onefs:9.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:powerscale_onefs:9.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:powerscale_onefs:9.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:powerscale_onefs:9.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:powerscale_onefs:9.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:powerscale_onefs:8.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:powerscale_onefs:8.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:powerscale_onefs:8.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-34445"
      }
    ]
  },
  "cve": "CVE-2022-34445",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "security_alert@emc.com",
            "availabilityImpact": "NONE",
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.5,
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-34445",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-34445",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2022-34445",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202302-769",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013902"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-34445"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-34445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-769"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "\nDell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure. Dell PowerScale OneFS There are vulnerabilities in inadequate protection of credentials.Information may be obtained",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-34445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013902"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426761"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-34445"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-34445",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013902",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-769",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-426761",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-34445",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426761"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-34445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013902"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-34445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-769"
      }
    ]
  },
  "id": "VAR-202302-0761",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426761"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:00:19.517000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DSA-2022-271",
        "trust": 0.8,
        "url": "https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271"
      },
      {
        "title": "Dell PowerScale OneFS Fixes for encryption problem vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226225"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2022-34445 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-34445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013902"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-769"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-522",
        "trust": 1.0
      },
      {
        "problemtype": "Inadequate protection of credentials (CWE-522) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-326",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426761"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013902"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-34445"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-34445"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-34445/"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2022-34445"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426761"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-34445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013902"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-34445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-769"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-426761"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-34445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013902"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-34445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-769"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426761"
      },
      {
        "date": "2023-02-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-34445"
      },
      {
        "date": "2023-09-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-013902"
      },
      {
        "date": "2023-02-11T01:23:24.697000",
        "db": "NVD",
        "id": "CVE-2022-34445"
      },
      {
        "date": "2023-02-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202302-769"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426761"
      },
      {
        "date": "2023-02-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-34445"
      },
      {
        "date": "2023-09-13T06:56:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-013902"
      },
      {
        "date": "2023-11-07T03:48:41.937000",
        "db": "NVD",
        "id": "CVE-2022-34445"
      },
      {
        "date": "2023-07-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202302-769"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-769"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell\u00a0PowerScale\u00a0OneFS\u00a0 Vulnerability regarding insufficient protection of authentication information in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013902"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202302-769"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2022-34445

Vulnerability from fkie_nvd - Published: 2023-02-11 01:23 - Updated: 2024-11-21 07:09

Severity ?

6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	security_alert@emc.com	https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271	Vendor Advisory

Impacted products

Vendor	Product	Version
dell	powerscale_onefs	8.2.0
dell	powerscale_onefs	8.2.1
dell	powerscale_onefs	8.2.2
dell	powerscale_onefs	9.0.0
dell	powerscale_onefs	9.1.0
dell	powerscale_onefs	9.1.1
dell	powerscale_onefs	9.2.0
dell	powerscale_onefs	9.2.1
dell	powerscale_onefs	9.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:powerscale_onefs:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "970B8ACA-30D2-47D6-9085-43A68849A72A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:powerscale_onefs:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E04CBA2-7632-4919-85BF-C1D79757F318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:powerscale_onefs:8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "06C0C848-CE4B-4B66-A488-9F74AC8441B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:powerscale_onefs:9.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30687628-5C7F-4BB5-B990-93703294FDF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:powerscale_onefs:9.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68291D44-DBE1-4923-A848-04E64288DC23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:powerscale_onefs:9.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCC55FA4-AD91-4DA6-B60E-A4E34DDAE95A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:powerscale_onefs:9.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B948CD53-3D17-4230-9B77-FCE8E0E548B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:powerscale_onefs:9.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AB99A1A-8DD3-4DDE-B70C-0E91D1D3B682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:powerscale_onefs:9.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61F14753-D64C-4E8B-AA94-07E014848B4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nDell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.\n\n\n\n\n\n"
    }
  ],
  "id": "CVE-2022-34445",
  "lastModified": "2024-11-21T07:09:34.933",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.0,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-02-11T01:23:24.697",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-261"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2023-12613

Vulnerability from cnvd - Published: 2023-02-28

Title

Dell PowerScale OneFS加密问题漏洞（CNVD-2023-12613）

Description

Dell PowerScale OneFS是美国戴尔（Dell）公司的一个操作系统。提供横向扩展NAS的PowerScale OneFS操作系统。 Dell PowerScale OneFS存在加密问题漏洞，该漏洞源于对密码的弱编码。恶意的本地特权攻击者可利用该漏洞导致信息泄露。

Severity

中

Patch Name

Dell PowerScale OneFS加密问题漏洞（CNVD-2023-12613）的补丁

Patch Description

Dell PowerScale OneFS是美国戴尔（Dell）公司的一个操作系统。提供横向扩展NAS的PowerScale OneFS操作系统。 Dell PowerScale OneFS存在加密问题漏洞，该漏洞源于对密码的弱编码。恶意的本地特权攻击者可利用该漏洞导致信息泄露。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271

Reference

https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271

Impacted products

Name
DELL PowerScale OneFS >=8.2.，<=9.3.

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-34445",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-34445"
    }
  },
  "description": "Dell PowerScale OneFS\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u3002\u63d0\u4f9b\u6a2a\u5411\u6269\u5c55NAS\u7684PowerScale OneFS\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nDell PowerScale OneFS\u5b58\u5728\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u5bc6\u7801\u7684\u5f31\u7f16\u7801\u3002\u6076\u610f\u7684\u672c\u5730\u7279\u6743\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-12613",
  "openTime": "2023-02-28",
  "patchDescription": "Dell PowerScale OneFS\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u3002\u63d0\u4f9b\u6a2a\u5411\u6269\u5c55NAS\u7684PowerScale OneFS\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nDell PowerScale OneFS\u5b58\u5728\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u5bc6\u7801\u7684\u5f31\u7f16\u7801\u3002\u6076\u610f\u7684\u672c\u5730\u7279\u6743\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell PowerScale OneFS\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2023-12613\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "DELL PowerScale OneFS \u003e=8.2.*\uff0c\u003c=9.3.*"
  },
  "referenceLink": "https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271",
  "serverity": "\u4e2d",
  "submitTime": "2023-02-15",
  "title": "Dell PowerScale OneFS\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2023-12613\uff09"
}

GHSA-Q557-C2GH-WM95

Vulnerability from github – Published: 2023-02-11 03:32 – Updated: 2023-02-21 18:30

Details

Severity ?

4.4 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-34445"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-261",
      "CWE-326",
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-11T01:23:00Z",
    "severity": "MODERATE"
  },
  "details": "Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.",
  "id": "GHSA-q557-c2gh-wm95",
  "modified": "2023-02-21T18:30:24Z",
  "published": "2023-02-11T03:32:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34445"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-34445

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-34445

Aliases

CVE-2022-34445

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-34445",
    "description": "Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.",
    "id": "GSD-2022-34445"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-34445"
      ],
      "details": "Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.",
      "id": "GSD-2022-34445",
      "modified": "2023-12-13T01:19:19.341418Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@dell.com",
        "ID": "CVE-2022-34445",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "PowerScale OneFS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "8.2.x",
                          "version_value": "9.3.x"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Dell"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-261",
                "lang": "eng",
                "value": "CWE-261: Weak Encoding for Password"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271",
            "refsource": "MISC",
            "url": "https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:powerscale_onefs:9.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:powerscale_onefs:9.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:powerscale_onefs:9.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:powerscale_onefs:9.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:powerscale_onefs:9.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:powerscale_onefs:9.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:powerscale_onefs:8.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:powerscale_onefs:8.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:powerscale_onefs:8.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2022-34445"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000205618/dsa-2022-271"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-07-21T18:49Z",
      "publishedDate": "2023-02-11T01:23Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-34445 (GCVE-0-2022-34445)

VAR-202302-0761

FKIE_CVE-2022-34445

CNVD-2023-12613

GHSA-Q557-C2GH-WM95

GSD-2022-34445

Tags

Sightings

Nomenclature