DSA-2022-172: Dell PowerScale OneFS Security Update for Multiple Vulnerabilities
Summary: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34369 | Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker may potentially exploit this vulnerability, leading to exposure of this sensitive data. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34371 | Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3 contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker may potentially exploit this vulnerability, leading to full system compromise. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34378 | Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 contain a relative path traversal vulnerability. A low privileged local attacker may potentially exploit this vulnerability, leading to denial of service. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Affected Products & Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-34369 | Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.20, 9.2.1.0 through 9.2.1.13, 9.3.0.0 through 9.3.0.6, 9.4.0.0 through 9.4.0.3. Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations". | >= 9.1.0.21, >= 9.2.1.14, >= 9.3.0.7, >= 9.4.0.4 | PowerScale OneFS Downloads Area |
| CVE-2022-34369 | Dell PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS | |
| CVE-2022-34371 | Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.19, 9.2.1.0 through 9.2.1.12, 9.3.0.0 through 9.3.0.6, 9.4.0.0 through 9.4.0.3. Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations". | >= 9.1.0.20, >= 9.2.1.13, >= 9.3.0.7, >= 9.4.0.4 | |
| CVE-2022-34371 | Dell PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS | |
| CVE-2022-34378 | Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.20, 9.2.1.0 through 9.2.1.13, 9.3.0.0 through 9.3.0.6, 9.4.0.0 through 9.4.0.3. Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations". | >= 9.1.0.21, >= 9.2.1.14, >= 9.3.0.7, >= 9.4.0.4 | |
| CVE-2022-34378 | Dell PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS | |
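The fixed builds differ per CVE (CVE-2022-34371 is fixed one build earlier on the 9.1.0 and 9.2.1 branches), so a cluster can be patched for one issue and still open to the other two. The following fleet triage is an added example, not Dell's code; it assumes version strings are four dotted integers such as 9.1.0.20, and the cluster names are constructed.

```python
import re

# Fixed build per release branch, copied from the "Updated Versions" column above.
FIXED = {
    "CVE-2022-34369": {(9, 1, 0): 21, (9, 2, 1): 14, (9, 3, 0): 7, (9, 4, 0): 4},
    "CVE-2022-34371": {(9, 1, 0): 20, (9, 2, 1): 13, (9, 3, 0): 7, (9, 4, 0): 4},
    "CVE-2022-34378": {(9, 1, 0): 21, (9, 2, 1): 14, (9, 3, 0): 7, (9, 4, 0): 4},
}

def parse_version(text):
    """Split 'A.B.C.D' into (branch, build). The four-integer form is an assumption."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised OneFS version: {text!r}")
    a, b, c, d = map(int, m.groups())
    return (a, b, c), d

def triage(version):
    """Return CVE -> 'affected' (install RUP), 'fixed', or 'other'.

    'other' is the advisory's "Any other version" row: the branch is not
    listed, and the stated remediation is to upgrade OneFS.
    """
    branch, build = parse_version(version)
    status = {}
    for cve, fixed in FIXED.items():
        if branch not in fixed:
            status[cve] = "other"
        elif build < fixed[branch]:
            status[cve] = "affected"
        else:
            status[cve] = "fixed"
    return status

def needs_action(clusters):
    """Map cluster name -> sorted CVEs whose status is not 'fixed'."""
    report = {}
    for name, version in clusters.items():
        open_cves = sorted(c for c, s in triage(version).items() if s != "fixed")
        if open_cves:
            report[name] = open_cves
    return report

if __name__ == "__main__":
    # Constructed inventory for illustration.
    fleet = {"lab-a": "9.1.0.20", "prod-b": "9.4.0.4", "old-c": "9.0.0.0"}
    for name, cves in needs_action(fleet).items():
        print(name, cves)
```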
Workarounds & Mitigations
| CVE | Additional Mitigation |
| CVE-2022-34369 | In addition to upgrading your version of Dell PowerScale OneFS or downloading and installing the latest RUP, |
| CVE-2022-34371 | In addition to upgrading your version of Dell PowerScale OneFS or downloading and installing the latest RUP, |
Revision History
| Revision | Date | Description |
| 1.0 | 2022-08-04 | Initial Release |
Affected Products
PowerScale OneFS, Product Security Information
Article Properties
Article Number: 000202171
Article Type: Dell Security Advisory
Last Modified: 08 Jun 2023