CVE-2022-34380

Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000202058/dsa-2022-210-dell-emc-cloudlink-security-update-for-multiple-security-vulnerabilities	Mitigation Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:cloudlink:*:*:*:*:*:*:*:*

History

07 Sep 2022, 14:48

Type	Values Removed	Values Added
CPE		cpe:2.3:a:dell:cloudlink::::::::
CWE		CWE-287
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.2
References	~~(CONFIRM) https://www.dell.com/support/kbdoc/en-us/000202058/dsa-2022-210-dell-emc-cloudlink-security-update-for-multiple-security-vulnerabilities -~~	(CONFIRM) https://www.dell.com/support/kbdoc/en-us/000202058/dsa-2022-210-dell-emc-cloudlink-security-update-for-multiple-security-vulnerabilities - Mitigation, Patch, Vendor Advisory

01 Sep 2022, 19:29

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-01 19:15

Updated : 2024-02-04 22:51

NVD link : CVE-2022-34380

Mitre link : CVE-2022-34380

CVE.ORG link : CVE-2022-34380

JSON object : View

Products Affected

dell

cloudlink

CWE

CWE-287

Improper Authentication

{"id": "CVE-2022-34380", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.5}]}, "published": "2022-09-01T19:15:12.527", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000202058/dsa-2022-210-dell-emc-cloudlink-security-update-for-multiple-security-vulnerabilities", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system."}, {"lang": "es", "value": "Dell CloudLink versiones 7.1.3 y todas las versiones anteriores contienen una vulnerabilidad de omisi\u00f3n de la autenticaci\u00f3n mediante una ruta o canal alternativo. Un atacante local con altos privilegios puede explotar potencialmente esta vulnerabilidad conllevando a una omisi\u00f3n de la autenticaci\u00f3n y el acceso a la consola del sistema CloudLink. Esto es una vulnerabilidad de gravedad cr\u00edtica, ya que permite al atacante tomar el control del sistema"}], "lastModified": "2022-09-07T14:48:10.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:cloudlink:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DB2C20C-FD91-4129-814C-F8FCB23927AF", "versionEndExcluding": "7.1.4"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}