DSA-2022-295: Dell PowerScale OneFS Security Updates for Multiple Security Vulnerabilities
摘要: Dell PowerScale remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
影响
High
详情
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-45100 | Dell PowerScale OneFS versions 8.2.x - 9.3.x contain an Improper Certificate Validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to a full compromise of the system. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-45099 | Dell PowerScale OneFS versions 8.2.x - 9.4.x contain a weak encoding for an NDMP password. A malicious and privileged local attacker may potentially exploit this vulnerability, leading to a full system compromise. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-45101 | Dell PowerScale OneFS versions 9.0.0.x - 9.4.0.x contain an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to information disclosure and remote execution. | 7.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| CVE-2022-45095 | Dell PowerScale OneFS versions 8.2.x - 9.4.x contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster may potentially exploit this vulnerability, leading to running arbitrary commands, denial of service, information disclosure, and data deletion. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-45097 | Dell PowerScale OneFS versions 9.0.0.x - 9.4.0.x contain an Incorrect User Management vulnerability. A low privileged network attacker may potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure. | 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| CVE-2022-45098 | Dell PowerScale OneFS versions 9.0.0.x-9.4.0.x contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker may potentially exploit this vulnerability, leading to information disclosure. | 6.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L |
| CVE-2022-45096 | Dell PowerScale OneFS versions 8.2.0 through 9.3.0 contain a User Interface Security Issue. An unauthenticated remote user may unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information. | 5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
| Third-party Component | CVEs | CVSS Vector String |
| FreeBSD | CVE-2022-23090 | See FreeBSD Security Advisory for details. |
| urllib3 |
CVE-2021-33503 | See NVD for individual scores for each CVE. |
| CVE-2020-7212 | ||
| CVE-2020-26137 | ||
| zsh | CVE-2021-45444 | See NVD for details. |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-45100 | Dell PowerScale OneFS versions 8.2.x - 9.3.x contain an Improper Certificate Validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to a full compromise of the system. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-45099 | Dell PowerScale OneFS versions 8.2.x - 9.4.x contain a weak encoding for an NDMP password. A malicious and privileged local attacker may potentially exploit this vulnerability, leading to a full system compromise. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-45101 | Dell PowerScale OneFS versions 9.0.0.x - 9.4.0.x contain an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to information disclosure and remote execution. | 7.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| CVE-2022-45095 | Dell PowerScale OneFS versions 8.2.x - 9.4.x contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster may potentially exploit this vulnerability, leading to running arbitrary commands, denial of service, information disclosure, and data deletion. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-45097 | Dell PowerScale OneFS versions 9.0.0.x - 9.4.0.x contain an Incorrect User Management vulnerability. A low privileged network attacker may potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure. | 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| CVE-2022-45098 | Dell PowerScale OneFS versions 9.0.0.x-9.4.0.x contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker may potentially exploit this vulnerability, leading to information disclosure. | 6.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L |
| CVE-2022-45096 | Dell PowerScale OneFS versions 8.2.0 through 9.3.0 contain a User Interface Security Issue. An unauthenticated remote user may unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information. | 5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
| Third-party Component | CVEs | CVSS Vector String |
| FreeBSD | CVE-2022-23090 | See FreeBSD Security Advisory for details. |
| urllib3 |
CVE-2021-33503 | See NVD for individual scores for each CVE. |
| CVE-2020-7212 | ||
| CVE-2020-26137 | ||
| zsh | CVE-2021-45444 | See NVD for details. |
受影响的产品和补救措施
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-45100 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 9.3.0.0 through 9.3.0.6 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 > = 9.3.0.7 |
PowerScale OneFS Downloads Area |
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45099 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 9.3.0.0 through 9.3.0.6 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 > = 9.3.0.7 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-23090 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2021-33503, CVE-2020-7212, CVE-2020-26137 |
PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.3.0.0 through 9.3.0.7 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.3.0.9 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45101 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2021-45444 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45095 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45097 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45098 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45096 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-45100 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 9.3.0.0 through 9.3.0.6 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 > = 9.3.0.7 |
PowerScale OneFS Downloads Area |
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45099 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 9.3.0.0 through 9.3.0.6 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 > = 9.3.0.7 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-23090 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2021-33503, CVE-2020-7212, CVE-2020-26137 |
PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.3.0.0 through 9.3.0.7 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.3.0.9 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45101 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2021-45444 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45095 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45097 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45098 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. | |||
| CVE-2022-45096 | PowerScale OneFS | 9.1.0.0 through 9.1.0.24 9.2.1.0 through 9.2.1.17 9.4.0.0 through 9.4.0.8 |
Download and install the latest RUP. > = 9.1.0.25 > = 9.2.1.18 > = 9.4.0.9 |
|
| Any other version | Upgrade your version of PowerScale OneFS. |
解决方法和缓解措施
| CVEs | Workarounds |
| CVE-2022-45096 | Avoid manually starting or restarting disabled Likewise services. If disabled Likewise services are manually started, manually stop the affected services. |
| CVE-2022-45100 | Avoid using Secure Remote Services until the patch is applied on the cluster. |
修订历史记录
| Revision | Date | Description |
| 1.0 | 2022-12-13 | Initial Release |
| 1.1 | 2022-12-22 | Updated CVE link for CVE-2022-23090 (FreeBSD) |
相关信息
法律免责声明
受影响的产品
PowerScale OneFS产品
Product Security Information文章属性
文章编号: 000206357
文章类型: Dell Security Advisory
上次修改时间: 19 9月 2025
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。