CVE-2022-45104 — Command Injection in Dell Evasa Provider Virtual Appliance

CWE-77 — Command Injection CWE-78 — OS Command Injection3 documents3 sources

Severity

8.8HIGHNVD

EPSS

3.1%

top 13.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Evasa Provider Virtual Appliance Dell Solutions Enabler Virtual Appliance Dell Unisphere FOR Powermax Virtual Appliance +1 more

Timeline

PublishedFeb 11

Description

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands on the underlying system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5dell/unisphere_for_powermax_vapp9.2.3.x

▶NVDdell/evasa_provider_virtual_appliance< 9.2.4.15

▶NVDdell/solutions_enabler_virtual_appliance< 9.2.3.6+1

▶NVDdell/unisphere< 9.2.4.26

Patches

Patch: www.dell.com ↗Patch: www.dell.com ↗

🔴Vulnerability Details

GHSA

GHSA-pvfm-9q64-4r88: Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9↗2023-02-11

▶

CVEList

CVE-2022-45104: Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9↗2023-02-10

▶