DSA-2022-202: Dell Container Storage Modules Security Update for Multiple Vulnerabilities
Résumé: Dell Container Storage Modules remediation is available for goiscsi and gobrick that may be exploited by malicious users to compromise the affected system.
Cet article concerne
Cet article ne concerne pas
Cet article n’est associé à aucun produit spécifique.
Toutes les versions du produit ne sont pas identifiées dans cet article.
Impact
High
Détails
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34374 | Dell Container Storage Modules 1.2 contains an operating system command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to run arbitrary operating system commands on the affected system. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H  |
| CVE-2022-34375 | Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34374 | Dell Container Storage Modules 1.2 contains an operating system command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to run arbitrary operating system commands on the affected system. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34375 | Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Produits concernés et mesure corrective
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-34374 | Dell Container Storage Modules | Versions before 1.3 | 1.4 | https://github.com/dell/goiscsi https://github.com/dell/gobrick |
| CVE-2022-34375 | Dell Container Storage Modules | Versions before 1.3 | 1.4 | https://github.com/dell/goiscsi https://github.com/dell/gobrick |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-34374 | Dell Container Storage Modules | Versions before 1.3 | 1.4 | https://github.com/dell/goiscsi https://github.com/dell/gobrick |
| CVE-2022-34375 | Dell Container Storage Modules | Versions before 1.3 | 1.4 | https://github.com/dell/goiscsi https://github.com/dell/gobrick |
Historique des révisions
| Revision | Date | Description |
| 1.0 | 2022-07-25 | Initial Release |
Informations connexes
Mention légale
Produits concernés
Product Security InformationPropriétés de l’article
Numéro d’article: 000201835
Type d’article: Dell Security Advisory
Dernière modification: 13 juin 2023
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.