CVE-2022-22555 - Vulnerability Details - OpenCVE

Dell EMC PowerStore, contains an OS command injection Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Emc Powerstore 1200t Emc Powerstore 1200t Firmware Emc Powerstore 3200t Emc Powerstore 3200t Firmware Emc Powerstore 500t Emc Powerstore 500t Firmware Emc Powerstore 5200t Emc Powerstore 5200t Firmware Emc Powerstore 9200t Emc Powerstore 9200t Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dell:emc_powerstore_500t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_powerstore_500t:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dell:emc_powerstore_1200t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_powerstore_1200t:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dell:emc_powerstore_3200t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_powerstore_3200t:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dell:emc_powerstore_5200t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_powerstore_5200t:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dell:emc_powerstore_9200t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:emc_powerstore_9200t:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/000201283

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2022-07-20T20:55:14.252577Z

Updated: 2024-09-16T19:47:30.743Z

Reserved: 2022-01-04T00:00:00

Link: CVE-2022-22555

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-07-21T04:15:11.657

Modified: 2024-11-21T06:47:01.060

Link: CVE-2022-22555

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "PowerStore", "vendor": "Dell", "versions": [{"lessThan": "X and T models", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-07-07T00:00:00", "descriptions": [{"lang": "en", "value": "Dell EMC PowerStore, contains an OS command injection Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-20T20:55:14", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.dell.com/support/kbdoc/000201283"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2022-07-07", "ID": "CVE-2022-22555", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PowerStore", "version": {"version_data": [{"version_affected": "<", "version_value": "X and T models"}]}}]}, "vendor_name": "Dell"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dell EMC PowerStore, contains an OS command injection Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege."}]}, "impact": {"cvss": {"baseScore": 6, "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}]}, "references": {"reference_data": [{"name": "https://www.dell.com/support/kbdoc/000201283", "refsource": "MISC", "url": "https://www.dell.com/support/kbdoc/000201283"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:14:55.708Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/000201283"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2022-22555", "datePublished": "2022-07-20T20:55:14.252577Z", "dateReserved": "2022-01-04T00:00:00", "dateUpdated": "2024-09-16T19:47:30.743Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_powerstore_500t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E7999B2-9790-43D7-A231-0206A36AEC3C", "versionEndExcluding": "3.0.0.0-1732745", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_powerstore_500t:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F396420-8007-401C-985E-436C227B42A9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_powerstore_1200t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "761D6F6E-D4BF-4B83-8EED-19DF784BB223", "versionEndExcluding": "3.0.0.0-1732745", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_powerstore_1200t:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB705779-4464-447D-BFB6-63073FFC026F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_powerstore_3200t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "191F6EDA-88C2-4C18-89B5-0D6200FD15CE", "versionEndExcluding": "3.0.0.0-1732745", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_powerstore_3200t:-:*:*:*:*:*:*:*", "matchCriteriaId": "C19A09B3-64C4-4FBF-91DA-782E117FD0F2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_powerstore_5200t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "428A51ED-C8B5-4FC0-84E2-D74D2B3F7447", "versionEndExcluding": "3.0.0.0-1732745", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_powerstore_5200t:-:*:*:*:*:*:*:*", "matchCriteriaId": "E67E33BD-8D23-4B30-83A6-B2105ACF5EFC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_powerstore_9200t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BD1DB6E-CB42-4A67-98D6-23F0E88BDEE5", "versionEndExcluding": "3.0.0.0-1732745", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_powerstore_9200t:-:*:*:*:*:*:*:*", "matchCriteriaId": "20FD2CBE-D0CE-442C-B961-E8DE951A4645", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Dell EMC PowerStore, contains an OS command injection Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege."}, {"lang": "es", "value": "Dell EMC PowerStore, contiene una vulnerabilidad de inyecci\u00f3n de comandos del Sistema Operativo. Un atacante autenticado localmente podr\u00eda potencialmente explotar esta vulnerabilidad, conllevando a una ejecuci\u00f3n de comandos de SO arbitrarios en el SO subyacente de PowerStore, con los privilegios de la aplicaci\u00f3n vulnerable. La explotaci\u00f3n puede conllevar a una elevaci\u00f3n de privilegios"}], "id": "CVE-2022-22555", "lastModified": "2024-11-21T06:47:01.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-21T04:15:11.657", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/000201283"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/000201283"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security_alert@emc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}