CVE-2022-45095

CVSS 6.7 MEDIUMEPSS 0.6%CWE-77

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.7EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

01 Feb 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data deletion.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

Dell · PowerScale OneFS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities