CVE-2022-45095

Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data deletion.

Published: Feb 1, 2023
Updated: Nov 8, 2023
CVE: CVE-2022-45095
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
dell / emc_powerscale_onefs	9.1.0.0	9.1.0.25
dell / emc_powerscale_onefs	9.2.1.0	9.2.1.18
dell / emc_powerscale_onefs	9.4.0.0	9.4.0.9

https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities

Vulnerability Database

289,697

CVE-2022-45095