Skip to main content

Emc Powerscale Onefs CVE-2022-26855

MEDIUM
Incorrect Default Permissions (CWE-276)
2022-04-08 security_alert@emc.com
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 08, 2022 - 20:15 nvd
MEDIUM 5.5

DescriptionNVD

Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service.

AnalysisAI

Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Incorrect Default Permissions (CWE-276), which allows attackers to access resources due to overly permissive default settings. Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service. Affected products include: Dell Emc Powerscale Onefs.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set restrictive default permissions, follow principle of least privilege, review defaults during deployment.

CVE-2022-34371 CRITICAL
9.8 Sep 02

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotect

CVE-2022-22561 CRITICAL
9.8 Apr 12

Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts. Rat

CVE-2022-26854 CRITICAL
9.8 Apr 08

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. Rated critical severity (CVSS 9.8),

CVE-2022-26852 CRITICAL
9.8 Apr 08

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. Rated critica

CVE-2021-21502 CRITICAL
9.8 Feb 09

Dell PowerScale OneFS versions 8.1.0 - 9.1.0 contain a "use of SSH key past account expiration" vulnerability. Rated cri

CVE-2022-26851 CRITICAL
9.1 Apr 08

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. Rated critical

CVE-2023-22575 HIGH
8.8 Feb 01

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in cel

CVE-2022-24428 HIGH
8.8 Apr 08

Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation

CVE-2021-36281 HIGH
8.8 Aug 16

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. Rated high se

CVE-2021-21506 HIGH
8.8 Mar 08

PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. Rated high seve

CVE-2020-5369 HIGH
8.8 Sep 02

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalat

CVE-2020-5371 HIGH
8.8 Jul 06

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulner

Share

CVE-2022-26855 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy