CVE-2022-26851 — Use of Insufficiently Random Values in Dell Powerscale Onefs

CWE-330 — Use of Insufficiently Random Values3 documents3 sources

Severity

9.1CRITICALNVD

EPSS

0.4%

top 39.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Powerscale Onefs Dell EMC Powerscale Onefs

Timeline

PublishedApr 8

Latest updateApr 9

Description

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5dell/powerscale_onefsunspecified — 8.2.x, 9.0.0.x, 9.1.0.x, 9.1.1.x (Super Tubes), 9.2.0.x (Empire), 9.2.1.x (Flying Scotsman), 9.3.0.x (Gotham),

▶NVDdell/emc_powerscale_onefs8.2.2 — 9.3.0.0

🔴Vulnerability Details

GHSA

GHSA-3w5x-77vf-5frq: Dell PowerScale OneFS, 8↗2022-04-09

▶

CVEList

CVE-2022-26851: Dell PowerScale OneFS, 8↗2022-04-08

▶