dell emc-powerscale-onefs CVE-2022-24411 is a vulnerability in Dell Emc Powerscale Onefs
Published on April 12, 2022

Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees.

NVD

Vulnerability Analysis

CVE-2022-24411 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Creation of Temporary File With Insecure Permissions

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.


Products Associated with CVE-2022-24411

Want to know whenever a new CVE is published for Dell Emc Powerscale Onefs? stack.watch will email you.

Dell Emc Powerscale Onefs
 

Affected Versions

Dell PowerScale OneFS Version 8.2.2 - 9.3.0.x is affected by CVE-2022-24411

Exploit Probability

EPSS
0.05%
Percentile
15.88%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.