Impact
Critical
Détails
| Proprietary Code CVE(s) |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2022-26851 |
Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to telemetry data loss for Dell. |
9.1 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
| CVE-2022-26852 |
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise. |
8.1 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-26854 |
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access. |
8.1 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-24428 |
Dell PowerScale OneFS, versions 8.2.x - 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account with the ISI_PRIV_SMB role could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure. |
6.3 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| CVE-2022-26855 |
Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service. |
5.5 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| CVE-2022-22563 |
Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes. |
4.4 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N |
| Proprietary Code CVE(s) |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2022-26851 |
Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to telemetry data loss for Dell. |
9.1 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
| CVE-2022-26852 |
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise. |
8.1 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-26854 |
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access. |
8.1 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-24428 |
Dell PowerScale OneFS, versions 8.2.x - 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account with the ISI_PRIV_SMB role could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure. |
6.3 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| CVE-2022-26855 |
Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service. |
5.5 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| CVE-2022-22563 |
Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes. |
4.4 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N |
Dell Technologies recommande à tous les clients de prendre en compte à la fois le score de base CVSS et les scores temporels et environnementaux pertinents qui peuvent avoir un impact sur la gravité potentielle associée à une faille de sécurité donnée.
| CVE(s) Addressed |
Affected Version(s) |
Updated Version(s) |
Link to Update |
| CVE-2022-26851 |
9.0.0, 9.1.1.x, 9.2.0.x |
Upgrade your version of OneFS |
PowerScale OneFS Downloads Area |
| 9.1.0.x, 9.2.1.x, 9.3.0.x |
Download and install the latest RUP |
| CVE-2022-26852 |
9.0.0, 9.1.1.x, 9.2.0.x |
Upgrade your version of OneFS |
| 9.1.0.x, 9.2.1.x, 9.3.0.x |
Download and install the latest RUP |
| CVE-2022-26854 |
9.0.0, 9.1.1.x, 9.2.0.x,
9.2.1.x, 9.3.0.x |
Upgrade your version of OneFS |
| 9.1.0.x |
Download and install the latest RUP |
| 9.4.0.x |
Contains the fix upon release |
| CVE-2022-24428 |
9.0.0, 9.1.1.x, 9.2.0.x |
Upgrade your version of OneFS |
| 9.1.0.x, 9.2.1.x, 9.3.0.x |
Download and install the latest RUP |
| CVE-2022-26855 |
9.0.0, 9.1.1.x, 9.2.0.x |
Upgrade your version of OneFS |
| 9.1.0.x, 9.2.1.x, 9.3.0.x |
Download and install the latest RUP |
| CVE-2022-22563 |
9.0.0, 9.1.1.x, 9.2.0.x |
Upgrade your version of OneFS |
| 9.1.0.x, 9.2.1.x, 9.3.0.x |
Download and install the latest RUP |
| CVE(s) Addressed |
Affected Version(s) |
Updated Version(s) |
Link to Update |
| CVE-2022-26851 |
9.0.0, 9.1.1.x, 9.2.0.x |
Upgrade your version of OneFS |
PowerScale OneFS Downloads Area |
| 9.1.0.x, 9.2.1.x, 9.3.0.x |
Download and install the latest RUP |
| CVE-2022-26852 |
9.0.0, 9.1.1.x, 9.2.0.x |
Upgrade your version of OneFS |
| 9.1.0.x, 9.2.1.x, 9.3.0.x |
Download and install the latest RUP |
| CVE-2022-26854 |
9.0.0, 9.1.1.x, 9.2.0.x,
9.2.1.x, 9.3.0.x |
Upgrade your version of OneFS |
| 9.1.0.x |
Download and install the latest RUP |
| 9.4.0.x |
Contains the fix upon release |
| CVE-2022-24428 |
9.0.0, 9.1.1.x, 9.2.0.x |
Upgrade your version of OneFS |
| 9.1.0.x, 9.2.1.x, 9.3.0.x |
Download and install the latest RUP |
| CVE-2022-26855 |
9.0.0, 9.1.1.x, 9.2.0.x |
Upgrade your version of OneFS |
| 9.1.0.x, 9.2.1.x, 9.3.0.x |
Download and install the latest RUP |
| CVE-2022-22563 |
9.0.0, 9.1.1.x, 9.2.0.x |
Upgrade your version of OneFS |
| 9.1.0.x, 9.2.1.x, 9.3.0.x |
Download and install the latest RUP |
Solutions de contournement et mesures d’atténuation
| CVE(s) Addressed |
Workaround and/or mitigation |
| CVE-2022-26851 |
none |
| CVE-2022-26852 |
none |
| CVE-2022-26854 |
Manually set the isi ssh settings to remove the KEy eXchange algorithms that are deprecated
1- To modify the supported key exchange algorithms (KEX algorithms): #isi ssh settings modify --kex-algorithms="curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,
ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256" 2- Alternatively you may upgrade to Dell EMC PowerScale OneFS 9.4.0.0 which contains the fix
NOTE: The above is the default list with diffie-hellman-group14-sha1 removed. |
| CVE-2022-24428 |
none |
| CVE-2022-26855 |
none |
| CVE-2022-22563 |
none |
Historique des révisions
| Revision | Date | Description |
| 1.0 | 2022-04-04 | Initial Release |
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Produits concernés
PowerScale OneFS, Product Security Information