Dell Emc Powerscale Onefs vulnerabilities

CVE-2022-23159 [MEDIUM] CWE-401 CVE-2022-23159: Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Del

CVE-2022-24413 [LOW] CWE-367 CVE-2022-24413: Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss.

CVE-2022-22565 [LOW] CWE-612 CVE-2022-22565: Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing s Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerability, leading to disclosure or modification of sensitive data.

CVE-2022-26854 [CRITICAL] CWE-327 CVE-2022-26854: Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unpriv Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access

CVE-2022-26851 [CRITICAL] CWE-330 CVE-2022-26851: Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerabi Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss.

CVE-2022-26852 [CRITICAL] CWE-337 CVE-2022-26852: Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number gene Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise.

CVE-2022-24428 [HIGH] CWE-281 CVE-2022-24428: Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an i Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure.

CVE-2022-22563 [MEDIUM] CWE-223 CVE-2022-22563: Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes.

CVE-2022-26855 [MEDIUM] CWE-276 CVE-2022-26855: Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerabili Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service.

CVE-2021-21561 [MEDIUM] CWE-532 CVE-2021-21561: Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This wo Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files.

CVE-2021-21528 [HIGH] CWE-548 CVE-2021-21528: Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information throug Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous versions.

CVE-2021-36305 [MEDIUM] CWE-662 CVE-2021-36305: Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB.

CVE-2021-36279 [HIGH] CWE-732 CVE-2021-36279: Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for crit Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.

CVE-2021-36281 [HIGH] CWE-732 CVE-2021-36281: Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerab Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges.

CVE-2021-21594 [MEDIUM] CWE-598 CVE-2021-21594: Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive qu Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity.

CVE-2021-21595 [MEDIUM] CWE-77 CVE-2021-21595: Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special ele Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunit

CVE-2021-21592 [MEDIUM] CWE-755 CVE-2021-21592: Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remot Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure.

CVE-2021-21568 [MEDIUM] CVE-2021-21568: Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An a Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change.

CVE-2021-36278 [MEDIUM] CWE-532 CVE-2021-36278: Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information expos Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access sensitive information. If any third-party consumes those logs, the same

CVE-2021-36280 [MEDIUM] CWE-732 CVE-2021-36280: Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for crit Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.