Article Number: 000201667
High
Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
CVE-2022-31232 | SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. | 8.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H |
Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
CVE-2022-31232 | SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. | 8.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H |
CVEs Addressed | Product | Affected Version | Updated Version | Link to Update |
CVE-2022-31232 | SmartFabric Storage Software | 1.0.0 | 1.1.0 | https://www.dell.com/support/home/product-support/product/dell-emc-smartfabric-storage-software-trial/drivers |
CVEs Addressed | Product | Affected Version | Updated Version | Link to Update |
CVE-2022-31232 | SmartFabric Storage Software | 1.0.0 | 1.1.0 | https://www.dell.com/support/home/product-support/product/dell-emc-smartfabric-storage-software-trial/drivers |
If RADIUS and TACACS authentication is not a requirement, then customers can run the "rm /etc/ham/libnss_sac.enable" command to mitigate the vulnerability. If RADIUS and TACACS are a requirement, then customers must update.
Revision | Date | Description |
1.0 | 2022-07-19 | Initial Release |
SmartFabric OS10 Software
Product Security Information
13 Jun 2023
Dell Security Advisory