Skip to main content

Emc Powerscale Onefs CVE-2022-24413

LOW
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
2022-04-12 security_alert@emc.com
3.6
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.6 LOW
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
Apr 12, 2022 - 18:15 nvd
LOW 3.6

DescriptionNVD

Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss.

AnalysisAI

Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. Rated low severity (CVSS 3.6). No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-367. Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss. Affected products include: Dell Emc Powerscale Onefs.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-34371 CRITICAL
9.8 Sep 02

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotect

CVE-2022-22561 CRITICAL
9.8 Apr 12

Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts. Rat

CVE-2022-26854 CRITICAL
9.8 Apr 08

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. Rated critical severity (CVSS 9.8),

CVE-2022-26852 CRITICAL
9.8 Apr 08

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. Rated critica

CVE-2021-21502 CRITICAL
9.8 Feb 09

Dell PowerScale OneFS versions 8.1.0 - 9.1.0 contain a "use of SSH key past account expiration" vulnerability. Rated cri

CVE-2022-26851 CRITICAL
9.1 Apr 08

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. Rated critical

CVE-2023-22575 HIGH
8.8 Feb 01

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in cel

CVE-2022-24428 HIGH
8.8 Apr 08

Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation

CVE-2021-36281 HIGH
8.8 Aug 16

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. Rated high se

CVE-2021-21506 HIGH
8.8 Mar 08

PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. Rated high seve

CVE-2020-5369 HIGH
8.8 Sep 02

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalat

CVE-2020-5371 HIGH
8.8 Jul 06

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulner

Share

CVE-2022-24413 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy