CVE-2022-24411

Published: Apr 12, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees.

Affected (1)

Products: Dell: Emc Powerscale Onefs

1 product

Emc Powerscale Onefs

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Emc Powerscale Onefs	From 8.2.2 to 9.3.0

Related CWEs

Creation of Temporary File With Insecure Permissions

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://www.dell.com/support/kbdoc/000196657

Source: security_alert@emc.com

Permissions RequiredVendor Advisory

https://www.dell.com/support/kbdoc/000196657

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

Timeline

No history available yet.