DSA-2022-172: Dell PowerScale OneFS Security Update for Multiple Vulnerabilities
Summary: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34369 | Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker may potentially exploit this vulnerability, leading to exposure of this sensitive data. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34371 | Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3 contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker may potentially exploit this vulnerability, leading to full system compromise. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34378 | Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 contain a relative path traversal vulnerability. A low privileged local attacker may potentially exploit this vulnerability, leading to denial of service. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-34369 | Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.20; 9.2.1.0 through 9.2.1.13; 9.3.0.0 through 9.3.0.6; 9.4.0.0 through 9.4.0.3. Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations". | >= 9.1.0.21; >= 9.2.1.14; >= 9.3.0.7; >= 9.4.0.4 | PowerScale OneFS Downloads Area |
| CVE-2022-34369 | Dell PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS | |
| CVE-2022-34371 | Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.19; 9.2.1.0 through 9.2.1.12; 9.3.0.0 through 9.3.0.6; 9.4.0.0 through 9.4.0.3. Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations". | >= 9.1.0.20; >= 9.2.1.13; >= 9.3.0.7; >= 9.4.0.4 | |
| CVE-2022-34371 | Dell PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS | |
| CVE-2022-34378 | Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.20; 9.2.1.0 through 9.2.1.13; 9.3.0.0 through 9.3.0.6; 9.4.0.0 through 9.4.0.3. Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations". | >= 9.1.0.21; >= 9.2.1.14; >= 9.3.0.7; >= 9.4.0.4 | |
| CVE-2022-34378 | Dell PowerScale OneFS | Any other version | Upgrade your version of PowerScale OneFS | |
Workarounds and Mitigations
| CVE | Additional Mitigation |
| CVE-2022-34369 | In addition to upgrading your version of Dell PowerScale OneFS or downloading and installing the latest RUP, |
| CVE-2022-34371 | In addition to upgrading your version of Dell PowerScale OneFS or downloading and installing the latest RUP, |
Revision History
| Revision | Date | Description |
| 1.0 | 2022-08-04 | Initial Release |
Affected Products
PowerScale OneFS, Product Security Information
Article Properties
Article Number: 000202171
Article Type: Dell Security Advisory
Last Modified: 08 Jun 2023