Passer au contenu principal
Quitter

Bienvenue dans l’univers Dell

Mon compte
  • Passer des commandes rapidement et facilement
  • Afficher les commandes et suivre l’état de votre expédition
  • Profitez de récompenses et de remises réservées aux membres
  • Créez et accédez à une liste de vos produits
Se connecter Créer un compte Connexion au compte Premier Connexion au programme de partenariat
Nous contacter

Vos paniers Dell.com

DSA-2022-172: Dell PowerScale OneFS Security Update for Multiple Vulnerabilities

Résumé: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Cet article concerne   Cet article ne concerne pas 
Consulter les ressources pour

Impact

High

Détails

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-34369 Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker may potentially exploit this vulnerability, leading to exposure of this sensitive data. 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-34371 Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3 contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker may potentially exploit this vulnerability, leading to full system compromise. 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-34378 Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 contain a relative path traversal vulnerability. A low privileged local attacker may potentially exploit this vulnerability, leading to denial of service. 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H This hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-34369 Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker may potentially exploit this vulnerability, leading to exposure of this sensitive data. 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-34371 Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3 contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker may potentially exploit this vulnerability, leading to full system compromise. 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-34378 Dell PowerScale OneFS versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 contain a relative path traversal vulnerability. A low privileged local attacker may potentially exploit this vulnerability, leading to denial of service. 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommande à tous les clients de prendre en compte à la fois le score de base CVSS et les scores temporels et environnementaux pertinents qui peuvent avoir un impact sur la gravité potentielle associée à une faille de sécurité donnée.

Produits concernés et mesure corrective

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-34369 Dell PowerScale OneFS 9.1.0.0 through 9.1.0.20
9.2.1.0 through 9.2.1.13
9.3.0.0 through 9.3.0.6
9.4.0.0 through 9.4.0.3
Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations".		 >= 9.1.0.21
>= 9.2.1.14
>= 9.3.0.7
>= 9.4.0.4		 PowerScale OneFS Downloads Area
Any other version Upgrade your version of PowerScale OneFS
CVE-2022-34371 Dell PowerScale OneFS 9.1.0.0 through 9.1.0.19
9.2.1.0 through 9.2.1.12
9.3.0.0 through 9.3.0.6
9.4.0.0 through 9.4.0.3
Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations".		 >= 9.1.0.20
>= 9.2.1.13
>= 9.3.0.7
>= 9.4.0.4
Any other version Upgrade your version of PowerScale OneFS
CVE-2022-34378 Dell PowerScale OneFS 9.1.0.0 through 9.1.0.20
9.2.1.0 through 9.2.1.13
9.3.0.0 through 9.3.0.6
9.4.0.0 through 9.4.0.3
Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations".
 		 >= 9.1.0.21
>= 9.2.1.14
>= 9.3.0.7
>= 9.4.0.4
Any other version Upgrade your version of PowerScale OneFS
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-34369 Dell PowerScale OneFS 9.1.0.0 through 9.1.0.20
9.2.1.0 through 9.2.1.13
9.3.0.0 through 9.3.0.6
9.4.0.0 through 9.4.0.3
Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations".		 >= 9.1.0.21
>= 9.2.1.14
>= 9.3.0.7
>= 9.4.0.4		 PowerScale OneFS Downloads Area
Any other version Upgrade your version of PowerScale OneFS
CVE-2022-34371 Dell PowerScale OneFS 9.1.0.0 through 9.1.0.19
9.2.1.0 through 9.2.1.12
9.3.0.0 through 9.3.0.6
9.4.0.0 through 9.4.0.3
Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations".		 >= 9.1.0.20
>= 9.2.1.13
>= 9.3.0.7
>= 9.4.0.4
Any other version Upgrade your version of PowerScale OneFS
CVE-2022-34378 Dell PowerScale OneFS 9.1.0.0 through 9.1.0.20
9.2.1.0 through 9.2.1.13
9.3.0.0 through 9.3.0.6
9.4.0.0 through 9.4.0.3
Download and install the latest RUP and follow the additional steps in "Workarounds and Mitigations".
 		 >= 9.1.0.21
>= 9.2.1.14
>= 9.3.0.7
>= 9.4.0.4
Any other version Upgrade your version of PowerScale OneFS

Solutions de contournement et mesures d’atténuation

CVE  Additional Mitigation
CVE-2022-34369 In addition to upgrading your version of Dell PowerScale OneFS or downloading and installing the latest RUP, 
  1. Dell always recommends to use a secure/encrypted transport when sending logs to Dell.
  2. Dell recommends to change passwords for enabled accounts in the System zone file provider.  Which can be identified via:  isi auth users list --provider=lsa-file-provider:System -v | grep -e "Name: " -e "Enabled: " | grep -B 1 "Enabled: Yes"
CVE-2022-34371 In addition to upgrading your version of Dell PowerScale OneFS or downloading and installing the latest RUP, 
  1. Dell always recommends to use a secure/encrypted transport when sending logs to Dell.
  2. Dell recommends to change passwords for enabled accounts in the System zone file provider.  Which can be identified via:  isi auth users list --provider=lsa-file-provider:System -v | grep -e "Name: " -e "Enabled: " | grep -B 1 "Enabled: Yes"

Historique des révisions

RevisionDateDescription
1.0 2022-08-04Initial Release

Informations connexes

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Mention légale

Produits concernés

PowerScale OneFS, Product Security Information