Skip to main content

Emc Powerscale Onefs CVE-2022-26851

CRITICAL
Use of Insufficiently Random Values (CWE-330)
2022-04-08 security_alert@emc.com
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 08, 2022 - 20:15 nvd
CRITICAL 9.1

DescriptionNVD

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss.

AnalysisAI

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-330. Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss. Affected products include: Dell Emc Powerscale Onefs.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-34371 CRITICAL
9.8 Sep 02

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotect

CVE-2022-22561 CRITICAL
9.8 Apr 12

Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts. Rat

CVE-2022-26854 CRITICAL
9.8 Apr 08

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. Rated critical severity (CVSS 9.8),

CVE-2022-26852 CRITICAL
9.8 Apr 08

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. Rated critica

CVE-2021-21502 CRITICAL
9.8 Feb 09

Dell PowerScale OneFS versions 8.1.0 - 9.1.0 contain a "use of SSH key past account expiration" vulnerability. Rated cri

CVE-2023-22575 HIGH
8.8 Feb 01

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in cel

CVE-2022-24428 HIGH
8.8 Apr 08

Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation

CVE-2021-36281 HIGH
8.8 Aug 16

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. Rated high se

CVE-2021-21506 HIGH
8.8 Mar 08

PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. Rated high seve

CVE-2020-5369 HIGH
8.8 Sep 02

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalat

CVE-2020-5371 HIGH
8.8 Jul 06

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulner

CVE-2023-22574 HIGH
8.1 Feb 01

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in pla

Share

CVE-2022-26851 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy