Cloudlink Dell Cloudlink

Do you want an email whenever new security vulnerabilities are reported in Dell Cloudlink?

By the Year

In 2022 there have been 3 vulnerabilities in Dell Cloudlink with an average score of 8.2 out of ten. Last year Cloudlink had 2 security vulnerabilities published. That is, 1 more vulnerability have already been reported in 2022 as compared to last year. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.02.

Year Vulnerabilities Average Score
2022 3 8.17
2021 2 8.15
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Cloudlink vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Dell Cloudlink Security Vulnerabilities

Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability

CVE-2022-34380 8.2 - High - September 01, 2022

Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system.

authentification

Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability

CVE-2022-34379 9.8 - Critical - September 01, 2022

Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system.

authentification

Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests

CVE-2022-24414 6.5 - Medium - May 26, 2022

Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attacks.

Information Disclosure

Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability

CVE-2021-36313 7.2 - High - November 23, 2021

Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it may be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.

Shell injection

Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability

CVE-2021-36312 9.1 - Critical - November 23, 2021

Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit this vulnerability to gain unauthorized access to the system.

Use of Hard-coded Password

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Dell Cloudlink or by Dell? Click the Watch button to subscribe.

Dell
Vendor

subscribe