CVE-2022-45095

CWE-77Command Injection3 documents3 sources
Severity
6.7MEDIUM
EPSS
0.3%
top 51.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell EMC Powerscale OnefsDell Powerscale Onefs
Timeline
PublishedFeb 1

Description

Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data deletion.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

NVDdell/emc_powerscale_onefs9.1.0.09.1.0.25+2
CVEListV5dell/powerscale_onefs8.2.x9.4.x

🔴Vulnerability Details

2
GHSA
GHSA-8gqj-v2ww-xm3p: Dell PowerScale OneFS, 82023-02-01
CVEList
CVE-2022-45095: Dell PowerScale OneFS, 82023-02-01
CVE-2022-45095 (MEDIUM CVSS 6.7) | Dell PowerScale OneFS | cvebase.io