DSA-2022-271: Dell PowerScale OneFS Security Updates for Multiple Security Vulnerabilities
摘要: Dell PowerScale remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
影响
High
详情
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-23089 | Dell PowerScale OneFS versions 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, 9.3.0.x, and 9.4.0.x contain an Out-of-Bounds Read vulnerability. An attacker with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE may potentially exploit this vulnerability leading to a Denial of Service situation. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| CVE-2022-23091 | Dell PowerScale OneFS, versions 9.1.0.x through 9.4.0.x contains a use after free vulnerability. A low privilege local attacker may potentially exploit this vulnerability, leading to information disclosure, system takeover, or complete outage. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| CVE-2022-33934 | Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields. | 7.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H |
| CVE-2022-34438 | Dell PowerScale OneFS, versions 8.2.x through 9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privilegesmay potentially exploit this vulnerability, leading to full system compromise. This issue impacts compliance mode clusters. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34439 | Dell PowerScale OneFS, versions 8.2.0.x through 9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A malicious unauthenticated network user may potentially exploit this vulnerability, leading to denial of service and performance issue on that node. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| CVE-2022-34444 | Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2022-34445 | Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2022-34454 | Dell PowerScale OneFS, versions 8.2.x-9.3.x contain a heap-based buffer overflow. A local privileged malicious user may potentially exploit this vulnerability, leading to system takeover. This issue impacts compliance mode clusters. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Note: CVE-2022-34454 and CVE-2022-34438 scores 6.7 Medium, however in compliance mode cluster it is 6.7 (Business Critical) as it may affect compliance restrictions.
| Third-party Component | CVEs | CVSS Vector String |
| Cyrus SASL | CVE-2022-24407 | See NVD  for individual scores for each CVE. |
| CVE-2019-19906 | ||
| CVE-2013-4122 |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-23089 | Dell PowerScale OneFS versions 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, 9.3.0.x, and 9.4.0.x contain an Out-of-Bounds Read vulnerability. An attacker with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE may potentially exploit this vulnerability leading to a Denial of Service situation. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| CVE-2022-23091 | Dell PowerScale OneFS, versions 9.1.0.x through 9.4.0.x contains a use after free vulnerability. A low privilege local attacker may potentially exploit this vulnerability, leading to information disclosure, system takeover, or complete outage. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| CVE-2022-33934 | Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields. | 7.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H |
| CVE-2022-34438 | Dell PowerScale OneFS, versions 8.2.x through 9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privilegesmay potentially exploit this vulnerability, leading to full system compromise. This issue impacts compliance mode clusters. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34439 | Dell PowerScale OneFS, versions 8.2.0.x through 9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A malicious unauthenticated network user may potentially exploit this vulnerability, leading to denial of service and performance issue on that node. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| CVE-2022-34444 | Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2022-34445 | Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
| CVE-2022-34454 | Dell PowerScale OneFS, versions 8.2.x-9.3.x contain a heap-based buffer overflow. A local privileged malicious user may potentially exploit this vulnerability, leading to system takeover. This issue impacts compliance mode clusters. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Note: CVE-2022-34454 and CVE-2022-34438 scores 6.7 Medium, however in compliance mode cluster it is 6.7 (Business Critical) as it may affect compliance restrictions.
| Third-party Component | CVEs | CVSS Vector String |
| Cyrus SASL | CVE-2022-24407 | See NVD for individual scores for each CVE. |
| CVE-2019-19906 | ||
| CVE-2013-4122 |
受影响的产品和补救措施
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-23089 | PowerScale OneFS | 9.1.0.0 through 9.1.0.23 9.2.1.0 through 9.2.1.16 9.4.0.0 through 9.4.0.6 |
Download and install the latest RUP. > = 9.1.0.24 > = 9.2.1.17 > = 9.4.0.7 |
PowerScale OneFS Downloads Area |
| 9.3.0.0 through 9.3.0.9 | RUP is expected in January 2023. If a fix is needed sooner, upgrade your version of OneFS to = 9.4.0.7. | |||
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-23091 | PowerScale OneFS | 9.1.0.0 through 9.1.0.23 9.2.1.0 through 9.2.1.16 9.4.0.0 through 9.4.0.6 |
Download and install the latest RUP. > = 9.1.0.24 > = 9.2.1.17 > = 9.4.0.7 |
|
| 9.3.0.0 through 9.3.0.9 | RUP is expected in January 2023. If a fix is needed sooner, upgrade your version of OneFS to > = 9.4.0.7. | |||
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-24407 CVE-2019-19906 CVE-2013-4122 |
PowerScale OneFS | 9.3.0.0 through 9.3.0.7 | Download and install the latest RUP. > = 9.3.0.9 |
|
| Any other Version | See DSA-2022-245: Dell PowerScale OneFS Security Update for Multiple Security Updates | |||
| CVE-2022-33934 | PowerScale OneFS | 9.1.0.0 through 9.1.0.23 9.2.1.0 through 9.2.1.16 9.3.0.0 through 9.3.0.7 9.4.0.0 through 9.4.0.4 |
Download and install the latest RUP. > = 9.1.0.24 > = 9.2.1.17 > = 9.3.0.9 > = 9.4.0.5 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-34438 | PowerScale OneFS | 9.3.0.0 through 9.3.0.7 | Download and install the latest RUP. > = 9.3.0.9 |
|
| Any other version | See DSA: DSA-2022-245 | |||
| CVE-2022-34439 | PowerScale OneFS | 9.3.0.0 through 9.3.0.7 | Download and install the latest RUP. > = 9.3.0.9 |
|
| Any other version | See DSA-2022-245: Dell PowerScale OneFS Security Update for Multiple Security Updates | |||
| CVE-2022-34444 | PowerScale OneFS | 9.2.1.0 through 9.2.1.16 9.3.0.0 through 9.3.0.7 9.4.0.0 through 9.4.0.5 |
Download and install the latest RUP. > = 9.2.1.17 > = 9.3.0.9 > = 9.4.0.6 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-34445 | PowerScale OneFS | 9.1.0.0 through 9.1.0.20 9.2.1.0 through 9.2.1.13 9.3.0.0 through 9.3.0.7 9.4.0.0 through 9.4.0.4 |
Download and install the latest RUP. > = 9.1.0.21 > = 9.2.1.14 > = 9.3.0.9 > = 9.4.0.5 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-34454 | PowerScale OneFS | 9.1.0.0 through 9.1.0.20 9.2.1.0 through 9.2.1.13 9.3.0.0 through 9.3.0.7 |
Download and install the latest RUP. > = 9.1.0.21 > = 9.2.1.14 > = 9.3.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-23089 | PowerScale OneFS | 9.1.0.0 through 9.1.0.23 9.2.1.0 through 9.2.1.16 9.4.0.0 through 9.4.0.6 |
Download and install the latest RUP. > = 9.1.0.24 > = 9.2.1.17 > = 9.4.0.7 |
PowerScale OneFS Downloads Area |
| 9.3.0.0 through 9.3.0.9 | RUP is expected in January 2023. If a fix is needed sooner, upgrade your version of OneFS to = 9.4.0.7. | |||
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-23091 | PowerScale OneFS | 9.1.0.0 through 9.1.0.23 9.2.1.0 through 9.2.1.16 9.4.0.0 through 9.4.0.6 |
Download and install the latest RUP. > = 9.1.0.24 > = 9.2.1.17 > = 9.4.0.7 |
|
| 9.3.0.0 through 9.3.0.9 | RUP is expected in January 2023. If a fix is needed sooner, upgrade your version of OneFS to > = 9.4.0.7. | |||
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-24407 CVE-2019-19906 CVE-2013-4122 |
PowerScale OneFS | 9.3.0.0 through 9.3.0.7 | Download and install the latest RUP. > = 9.3.0.9 |
|
| Any other Version | See DSA-2022-245: Dell PowerScale OneFS Security Update for Multiple Security Updates | |||
| CVE-2022-33934 | PowerScale OneFS | 9.1.0.0 through 9.1.0.23 9.2.1.0 through 9.2.1.16 9.3.0.0 through 9.3.0.7 9.4.0.0 through 9.4.0.4 |
Download and install the latest RUP. > = 9.1.0.24 > = 9.2.1.17 > = 9.3.0.9 > = 9.4.0.5 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-34438 | PowerScale OneFS | 9.3.0.0 through 9.3.0.7 | Download and install the latest RUP. > = 9.3.0.9 |
|
| Any other version | See DSA: DSA-2022-245 | |||
| CVE-2022-34439 | PowerScale OneFS | 9.3.0.0 through 9.3.0.7 | Download and install the latest RUP. > = 9.3.0.9 |
|
| Any other version | See DSA-2022-245: Dell PowerScale OneFS Security Update for Multiple Security Updates | |||
| CVE-2022-34444 | PowerScale OneFS | 9.2.1.0 through 9.2.1.16 9.3.0.0 through 9.3.0.7 9.4.0.0 through 9.4.0.5 |
Download and install the latest RUP. > = 9.2.1.17 > = 9.3.0.9 > = 9.4.0.6 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-34445 | PowerScale OneFS | 9.1.0.0 through 9.1.0.20 9.2.1.0 through 9.2.1.13 9.3.0.0 through 9.3.0.7 9.4.0.0 through 9.4.0.4 |
Download and install the latest RUP. > = 9.1.0.21 > = 9.2.1.14 > = 9.3.0.9 > = 9.4.0.5 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-34454 | PowerScale OneFS | 9.1.0.0 through 9.1.0.20 9.2.1.0 through 9.2.1.13 9.3.0.0 through 9.3.0.7 |
Download and install the latest RUP. > = 9.1.0.21 > = 9.2.1.14 > = 9.3.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. |
修订历史记录
| Revision | Date | Description |
| 1.0 | 2022-11-21 | Initial Release |
相关信息
法律免责声明
受影响的产品
PowerScale OneFS, Product Security Information文章属性
文章编号: 000205618
文章类型: Dell Security Advisory
上次修改时间: 13 2月 2023
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。