CVE-2022-45095
Last modified
CVE-2022-45095 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. Dell PowerScale OneFS versions 8.2.x through 9.4.x contain a command injection vulnerability. An authenticated user with local shell access and the privilege to gather logs from the cluster could potentially exploit this vulnerability to execute arbitrary commands, cause denial of service, disclose information, and delete data. EPSS estimates a 0.64% chance of exploitation in the next 30 days.
Description
Dell PowerScale OneFS versions 8.2.x through 9.4.x contain a command injection vulnerability. An authenticated user with local shell access and the privilege to gather logs from the cluster could potentially exploit this vulnerability to execute arbitrary commands, cause denial of service, disclose information, and delete data.
Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dell | EMC PowerScale OneFS | >= 9.1.0.0, < 9.1.0.25 |
| Dell | EMC PowerScale OneFS | >= 9.2.1.0, < 9.2.1.18 |
| Dell | EMC PowerScale OneFS | >= 9.4.0.0, < 9.4.0.9 |
References
Source: NVD / NIST
