DSA-2022-295: Dell PowerScale OneFS Security Updates for Multiple Security Vulnerabilities
Summary: Dell PowerScale remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-45100 | Dell PowerScale OneFS versions 8.2.x - 9.3.x contain an Improper Certificate Validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to a full compromise of the system. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-45099 | Dell PowerScale OneFS versions 8.2.x - 9.4.x contain a weak encoding for an NDMP password. A malicious and privileged local attacker may potentially exploit this vulnerability, leading to a full system compromise. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-45101 | Dell PowerScale OneFS versions 9.0.0.x - 9.4.0.x contain an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to information disclosure and remote execution. | 7.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| CVE-2022-45095 | Dell PowerScale OneFS versions 8.2.x - 9.4.x contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster may potentially exploit this vulnerability, leading to running arbitrary commands, denial of service, information disclosure, and data deletion. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-45097 | Dell PowerScale OneFS versions 9.0.0.x - 9.4.0.x contain an Incorrect User Management vulnerability. A low privileged network attacker may potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure. | 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| CVE-2022-45098 | Dell PowerScale OneFS versions 9.0.0.x-9.4.0.x contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker may potentially exploit this vulnerability, leading to information disclosure. | 6.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L |
| CVE-2022-45096 | Dell PowerScale OneFS versions 8.2.0 through 9.3.0 contain a User Interface Security Issue. An unauthenticated remote user may unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information. | 5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
| Third-party Component | CVEs | CVSS Vector String |
| FreeBSD | CVE-2022-23090 | See FreeBSD Security Advisory for details. |
| urllib3 |
CVE-2021-33503 | See NVD for individual scores for each CVE. |
| CVE-2020-7212 | ||
| CVE-2020-26137 | ||
| zsh | CVE-2021-45444 | See NVD for details. |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-45100 | Dell PowerScale OneFS versions 8.2.x - 9.3.x contain an Improper Certificate Validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to a full compromise of the system. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-45099 | Dell PowerScale OneFS versions 8.2.x - 9.4.x contain a weak encoding for an NDMP password. A malicious and privileged local attacker may potentially exploit this vulnerability, leading to a full system compromise. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-45101 | Dell PowerScale OneFS versions 9.0.0.x - 9.4.0.x contain an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to information disclosure and remote execution. | 7.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| CVE-2022-45095 | Dell PowerScale OneFS versions 8.2.x - 9.4.x contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster may potentially exploit this vulnerability, leading to running arbitrary commands, denial of service, information disclosure, and data deletion. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-45097 | Dell PowerScale OneFS versions 9.0.0.x - 9.4.0.x contain an Incorrect User Management vulnerability. A low privileged network attacker may potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure. | 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| CVE-2022-45098 | Dell PowerScale OneFS versions 9.0.0.x-9.4.0.x contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker may potentially exploit this vulnerability, leading to information disclosure. | 6.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L |
| CVE-2022-45096 | Dell PowerScale OneFS versions 8.2.0 through 9.3.0 contain a User Interface Security Issue. An unauthenticated remote user may unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information. | 5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
| Third-party Component | CVEs | CVSS Vector String |
| FreeBSD | CVE-2022-23090 | See FreeBSD Security Advisory for details. |
| urllib3 |
CVE-2021-33503 | See NVD for individual scores for each CVE. |
| CVE-2020-7212 | ||
| CVE-2020-26137 | ||
| zsh | CVE-2021-45444 | See NVD for details. |
Affected Products & Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-45100 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 9.3.0.0 through 9.3.0.6 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 > = 9.3.0.7 |
PowerScale OneFS Downloads Area |
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45099 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 9.3.0.0 through 9.3.0.6 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 > = 9.3.0.7 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-23090 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2021-33503, CVE-2020-7212, CVE-2020-26137 |
PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.3.0.0 through 9.3.0.7 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.3.0.9 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45101 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2021-45444 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45095 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45097 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45098 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45096 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-45100 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 9.3.0.0 through 9.3.0.6 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 > = 9.3.0.7 |
PowerScale OneFS Downloads Area |
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45099 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 9.3.0.0 through 9.3.0.6 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 > = 9.3.0.7 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-23090 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2021-33503, CVE-2020-7212, CVE-2020-26137 |
PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.3.0.0 through 9.3.0.7 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.3.0.9 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45101 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2021-45444 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45095 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45097 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45098 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45096 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. |
Workarounds & Mitigations
| CVEs | Workarounds |
| CVE-2022-45096 | Avoid manually starting or restarting disabled Likewise services. If disabled Likewise services are manually started, manually stop the affected services. |
| CVE-2022-45100 | Avoid using Secure Remote Services until the patch is applied on the cluster. |
Revision History
| Revision | Date | Description |
| 1.0 | 2022-12-13 | Initial Release |
| 1.1 | 2022-12-22 | Updated CVE link for CVE-2022-23090 (FreeBSD) |
Related Information
Legal Disclaimer
Affected Products
PowerScale OneFSProducts
Product Security InformationArticle Properties
Article Number: 000206357
Article Type: Dell Security Advisory
Last Modified: 19 Sep 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.