Ga naar hoofdinhoud
  • Snel en eenvoudig bestellen
  • Bestellingen en de verzendstatus bekijken
  • Een lijst met producten maken en openen
  • Beheer uw Dell EMC locaties, producten en contactpersonen op productniveau met Company Administration.

Artikelnummer: 000203632


DSA-2022-183: Dell GeoDrive Security Update for Multiple Vulnerabilities

Samenvatting: Dell GeoDrive 2.2-P3 remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article content


Impact

High

Gegevens

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-33919 Dell GeoDrive, versions 2.1 - 2.2 contain an information disclosure vulnerability in UI. An authenticated nonadmin user may potentially exploit this vulnerability and view sensitive information. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-33920 Dell GeoDrive versions before 2.2 contain Unquoted File Path Vulnerabilities. A low privilege attacker may potentially exploit this vulnerability, leading to execution of arbitrary code in the SYSTEM security context. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-33937 Dell GeoDrive versions before 2.2 contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker may potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server file system, with the privileges of the GeoDrive service: NT AUTHORITY\SYSTEM 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2022-33921 Dell GeoDrive versions before 2.2 contain Multiple DLL Hijacking Vulnerabilities. A low privilege attacker may potentially exploit this vulnerability, leading to execution of arbitrary code in the SYSTEM security context. 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-33922 Dell GeoDrive versions before 2.2 contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker may potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell Technologies recommends customers to upgrade at the earliest opportunity. 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-33918 Dell GeoDrive versions 2.1 - 2.2 contain an information disclosure vulnerability. An authenticated nonadmin user may potentially exploit this vulnerability and gain access to sensitive information. 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-33919 Dell GeoDrive, versions 2.1 - 2.2 contain an information disclosure vulnerability in UI. An authenticated nonadmin user may potentially exploit this vulnerability and view sensitive information. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-33920 Dell GeoDrive versions before 2.2 contain Unquoted File Path Vulnerabilities. A low privilege attacker may potentially exploit this vulnerability, leading to execution of arbitrary code in the SYSTEM security context. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-33937 Dell GeoDrive versions before 2.2 contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker may potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server file system, with the privileges of the GeoDrive service: NT AUTHORITY\SYSTEM 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2022-33921 Dell GeoDrive versions before 2.2 contain Multiple DLL Hijacking Vulnerabilities. A low privilege attacker may potentially exploit this vulnerability, leading to execution of arbitrary code in the SYSTEM security context. 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-33922 Dell GeoDrive versions before 2.2 contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker may potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell Technologies recommends customers to upgrade at the earliest opportunity. 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-33918 Dell GeoDrive versions 2.1 - 2.2 contain an information disclosure vulnerability. An authenticated nonadmin user may potentially exploit this vulnerability and gain access to sensitive information. 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

Product Affected Versions Updated Versions Link to Update
Dell GeoDrive GeoDrive versions before 2.2-P2  GeoDrive 2.2-P3 https://www.dell.com/support/home/product-support/product/atmos-geodrive-for-windows/drivers
 
Product Affected Versions Updated Versions Link to Update
Dell GeoDrive GeoDrive versions before 2.2-P2  GeoDrive 2.2-P3 https://www.dell.com/support/home/product-support/product/atmos-geodrive-for-windows/drivers
 

Revisiegeschiedenis

RevisionDateDescription
1.02022-09-22Initial Release

Verwante informatie

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Artikeleigenschappen


Getroffen product

Product Security Information

Datum laatst gepubliceerd

22 sep 2022

Versie

1

Artikeltype

Dell Security Advisory