Ga naar hoofdinhoud
  • Snel en eenvoudig bestellen
  • Bestellingen en de verzendstatus bekijken
  • Een lijst met producten maken en openen
  • Beheer uw Dell EMC locaties, producten en contactpersonen op productniveau met Company Administration.

Artikelnummer: 000200128


DSA-2022-082: Dell EMC PowerScale OneFS Security Weak Password Requirement Vulnerability

Samenvatting: Dell EMC PowerScale OneFS remediation is available for a vulnerability that may be exploited by malicious users to compromise the affected system.

Article content


Impact

High

Gegevens

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2022-29098 Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise. 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2022-29098 Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise. 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 

Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

CVE Addressed  Affected Versions Updated Versions Link to Update
CVE-2022-29098 9.0.0, 9.1.1.x, and 9.2.0.x Upgrade your version of OneFS and follow the additional steps in "Workarounds and Mitigations." PowerScale OneFS Downloads Area
9.1.0.x, 9.2.1.x, and 9.3.0.x Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations."
CVE Addressed  Affected Versions Updated Versions Link to Update
CVE-2022-29098 9.0.0, 9.1.1.x, and 9.2.0.x Upgrade your version of OneFS and follow the additional steps in "Workarounds and Mitigations." PowerScale OneFS Downloads Area
9.1.0.x, 9.2.1.x, and 9.3.0.x Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations."

Tijdelijke oplossingen en beperkingen

CVE addressed Workarounds and Mitigations
CVE-2022-29098 Ensure that the user creation procedure recommends assigning a password to all newly created user accounts which meets your company's complexity requirements.
For those accounts that were created before implementing this policy, ensure the users update their password.

Revisiegeschiedenis

RevisionDateDescription
1.02022-04-30Initial Release

Verwante informatie

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Artikeleigenschappen


Getroffen product

PowerScale OneFS

Product

Product Security Information

Datum laatst gepubliceerd

31 mei 2022

Versie

2

Artikeltype

Dell Security Advisory