DSA-2022-172: Dell PowerScale OneFS Security Update for Multiple Vulnerabilities
Summary: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Bu makale şunlar için geçerlidir:
Bu makale şunlar için geçerli değildir:
Bu makale, belirli bir ürüne bağlı değildir.
Bu makalede tüm ürün sürümleri tanımlanmamıştır.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34369 | Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker may potentially exploit this vulnerability, leading to exposure of this sensitive data. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H  |
| CVE-2022-34371 | Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3 contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker may potentially exploit this vulnerability, leading to full system compromise. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34378 | Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 contain a relative path traversal vulnerability. A low privileged local attacker may potentially exploit this vulnerability, leading to denial of service. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34369 | Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker may potentially exploit this vulnerability, leading to exposure of this sensitive data. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34371 | Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3 contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker may potentially exploit this vulnerability, leading to full system compromise. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34378 | Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 contain a relative path traversal vulnerability. A low privileged local attacker may potentially exploit this vulnerability, leading to denial of service. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Etkilenen Ürünler ve Düzeltme
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-34369 | Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.20 9.2.1.0 through 9.2.1.13 9.3.0.0 through 9.3.0.6 9.4.0.0 through 9.4.0.3 Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations". |
>= 9.1.0.21 >= 9.2.1.14 >= 9.3.0.7 >= 9.4.0.4 |
PowerScale OneFS Downloads Area |
| Any other version | Upgrade your version of PowerScale OneFS | |||
| CVE-2022-34371 | Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.19 9.2.1.0 through 9.2.1.12 9.3.0.0 through 9.3.0.6 9.4.0.0 through 9.4.0.3 Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations". |
>= 9.1.0.20 >= 9.2.1.13 >= 9.3.0.7 >= 9.4.0.4 |
|
| Any other version | Upgrade your version of PowerScale OneFS | |||
| CVE-2022-34378 | Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.20 9.2.1.0 through 9.2.1.13 9.3.0.0 through 9.3.0.6 9.4.0.0 through 9.4.0.3 Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations". |
>= 9.1.0.21 >= 9.2.1.14 >= 9.3.0.7 >= 9.4.0.4 |
|
| Any other version | Upgrade your version of PowerScale OneFS |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-34369 | Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.20 9.2.1.0 through 9.2.1.13 9.3.0.0 through 9.3.0.6 9.4.0.0 through 9.4.0.3 Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations". |
>= 9.1.0.21 >= 9.2.1.14 >= 9.3.0.7 >= 9.4.0.4 |
PowerScale OneFS Downloads Area |
| Any other version | Upgrade your version of PowerScale OneFS | |||
| CVE-2022-34371 | Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.19 9.2.1.0 through 9.2.1.12 9.3.0.0 through 9.3.0.6 9.4.0.0 through 9.4.0.3 Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations". |
>= 9.1.0.20 >= 9.2.1.13 >= 9.3.0.7 >= 9.4.0.4 |
|
| Any other version | Upgrade your version of PowerScale OneFS | |||
| CVE-2022-34378 | Dell PowerScale OneFS | 9.1.0.0 through 9.1.0.20 9.2.1.0 through 9.2.1.13 9.3.0.0 through 9.3.0.6 9.4.0.0 through 9.4.0.3 Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations". |
>= 9.1.0.21 >= 9.2.1.14 >= 9.3.0.7 >= 9.4.0.4 |
|
| Any other version | Upgrade your version of PowerScale OneFS |
Geçici Çözümler ve Risk Azaltma
| CVE | Additional Mitigation |
| CVE-2022-34369 | In addition to upgrading your version of Dell PowerScale OneFS or downloading and installing the latest RUP,
|
| CVE-2022-34371 | In addition to upgrading your version of Dell PowerScale OneFS or downloading and installing the latest RUP,
|
Revision History
| Revision | Date | Description |
| 1.0 | 2022-08-04 | Initial Release |
Related Information
Yasal Uyarı
Etkilenen Ürünler
PowerScale OneFS, Product Security InformationMakale Özellikleri
Article Number: 000202171
Article Type: Dell Security Advisory
Son Değiştirme: 08 Haz 2023
Sorularınıza diğer Dell kullanıcılarından yanıtlar bulun
Destek Hizmetleri
Aygıtınızın Destek Hizmetleri kapsamında olup olmadığını kontrol edin.