Risk | Low |
Patch available | YES |
Number of vulnerabilities | 5 |
CVE-ID | CVE-2022-23816 CVE-2022-23825 CVE-2022-26373 CVE-2022-28693 CVE-2022-29901 |
CWE-ID | CWE-843 CWE-264 CWE-1037 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Dell EMC VxRail Appliance Hardware solutions / Routers & switches, VoIP, GSM, etc |
Vendor | Dell |
This security bulletin contains information about 5 vulnerabilities.
EUVDB-ID: #VU65219
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-23816
CWE-ID:
CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a branch type confusion. A local user can force the branch predictor to predict the wrong branch type and gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC VxRail Appliance: before 4.5.490
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU65204
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-23825
CWE-ID:
CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a branch type confusion. A local user can force the branch predictor to predict the wrong branch type and gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsDell EMC VxRail Appliance: before 4.5.490
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU66549
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-26373
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to non-transparent sharing of return predictor targets between contexts in Intel CPU processors. A local user can bypass the expected architecture isolation between contexts and gain access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsDell EMC VxRail Appliance: before 4.5.490
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU65221
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-28693
CWE-ID:
CWE-1037 - Processor optimization removal or modification of security-critical code
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to unprotected alternative channel of return branch target prediction. A local user can gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsDell EMC VxRail Appliance: before 4.5.490
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU65220
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-29901
CWE-ID:
CWE-1037 - Processor optimization removal or modification of security-critical code
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to the way non-transparent sharing of branch predictor targets between contexts. A local user can exploit the vulnerability to gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsDell EMC VxRail Appliance: before 4.5.490
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?