CVE-2022-22555

Dell EMC PowerStore, contains an OS command injection Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.

CVSS v3 6.0 MEDIUM

6.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/000201283	Vendor Advisory
https://www.dell.com/support/kbdoc/000201283	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dell:emc_powerstore_500t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_powerstore_500t:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dell:emc_powerstore_1200t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_powerstore_1200t:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dell:emc_powerstore_3200t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_powerstore_3200t:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dell:emc_powerstore_5200t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_powerstore_5200t:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dell:emc_powerstore_9200t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_powerstore_9200t:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:47

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.7~~	v2 : unknown v3 : 6.0
References	~~() https://www.dell.com/support/kbdoc/000201283 - Vendor Advisory~~	() https://www.dell.com/support/kbdoc/000201283 - Vendor Advisory

Information

Published : 2022-07-21 04:15

Updated : 2024-11-21 06:47

NVD link : CVE-2022-22555

Mitre link : CVE-2022-22555

CVE.ORG link : CVE-2022-22555

JSON object : View

Products Affected

dell

emc_powerstore_9200t
emc_powerstore_1200t
emc_powerstore_5200t
emc_powerstore_500t
emc_powerstore_5200t_firmware
emc_powerstore_500t_firmware
emc_powerstore_3200t_firmware
emc_powerstore_9200t_firmware
emc_powerstore_3200t
emc_powerstore_1200t_firmware

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2022-22555", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2022-07-21T04:15:11.657", "references": [{"url": "https://www.dell.com/support/kbdoc/000201283", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.dell.com/support/kbdoc/000201283", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Dell EMC PowerStore, contains an OS command injection Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege."}, {"lang": "es", "value": "Dell EMC PowerStore, contiene una vulnerabilidad de inyecci\u00f3n de comandos del Sistema Operativo. Un atacante autenticado localmente podr\u00eda potencialmente explotar esta vulnerabilidad, conllevando a una ejecuci\u00f3n de comandos de SO arbitrarios en el SO subyacente de PowerStore, con los privilegios de la aplicaci\u00f3n vulnerable. La explotaci\u00f3n puede conllevar a una elevaci\u00f3n de privilegios"}], "lastModified": "2024-11-21T06:47:01.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_powerstore_500t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E7999B2-9790-43D7-A231-0206A36AEC3C", "versionEndExcluding": "3.0.0.0-1732745"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_powerstore_500t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2F396420-8007-401C-985E-436C227B42A9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_powerstore_1200t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "761D6F6E-D4BF-4B83-8EED-19DF784BB223", "versionEndExcluding": "3.0.0.0-1732745"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_powerstore_1200t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FB705779-4464-447D-BFB6-63073FFC026F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_powerstore_3200t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "191F6EDA-88C2-4C18-89B5-0D6200FD15CE", "versionEndExcluding": "3.0.0.0-1732745"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_powerstore_3200t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C19A09B3-64C4-4FBF-91DA-782E117FD0F2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_powerstore_5200t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "428A51ED-C8B5-4FC0-84E2-D74D2B3F7447", "versionEndExcluding": "3.0.0.0-1732745"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_powerstore_5200t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E67E33BD-8D23-4B30-83A6-B2105ACF5EFC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_powerstore_9200t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BD1DB6E-CB42-4A67-98D6-23F0E88BDEE5", "versionEndExcluding": "3.0.0.0-1732745"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_powerstore_9200t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "20FD2CBE-D0CE-442C-B961-E8DE951A4645"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security_alert@emc.com"}