CVE-2022-34446

PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/000205404	Vendor Advisory
https://www.dell.com/support/kbdoc/000205404	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:powerpath_management_appliance:3.2:::::::*
	cpe:2.3:a:dell:powerpath_management_appliance:3.3:::::::*

History

21 Nov 2024, 07:09

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.1~~	v2 : unknown v3 : 8.8
References	~~() https://www.dell.com/support/kbdoc/000205404 - Vendor Advisory~~	() https://www.dell.com/support/kbdoc/000205404 - Vendor Advisory

21 Jul 2023, 18:59

Type	Values Removed	Values Added
CWE	~~CWE-287~~	NVD-CWE-Other

21 Feb 2023, 17:23

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-02-11 01:23

Updated : 2024-11-21 07:09

NVD link : CVE-2022-34446

Mitre link : CVE-2022-34446

CVE.ORG link : CVE-2022-34446

JSON object : View

Products Affected

dell

powerpath_management_appliance

CWE

CWE-285

Improper Authorization

NVD-CWE-Other

{"id": "CVE-2022-34446", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2023-02-11T01:23:24.780", "references": [{"url": "https://www.dell.com/support/kbdoc/000205404", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.dell.com/support/kbdoc/000205404", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-285"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "\nPowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration.\n\n\n\n\n\n"}], "lastModified": "2024-11-21T07:09:35.100", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:powerpath_management_appliance:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D92273A9-3C81-4082-9550-DC1497AEDF39"}, {"criteria": "cpe:2.3:a:dell:powerpath_management_appliance:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AD7DBFF-1187-4F94-A3A4-95D52E6B3DC4"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}