Multiple vulnerabilities in Dell PowerScale OneFS



Risk High
Patch available YES
Number of vulnerabilities 14
CVE-ID CVE-2022-0778
CVE-2021-3711
CVE-2021-3712
CVE-2021-30004
CVE-2020-8670
CVE-2017-5715
CVE-2023-25537
CVE-2023-0215
CVE-2023-0286
CVE-2022-4450
CVE-2022-4304
CVE-2022-32231
CVE-2022-26343
CVE-2021-38578
CWE-ID CWE-835
CWE-119
CWE-125
CWE-20
CWE-362
CWE-200
CWE-787
CWE-416
CWE-843
CWE-415
CWE-208
CWE-665
CWE-284
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #6 is available.
Vulnerable software
PowerScale OneFS
Hardware solutions / Firmware

Vendor Dell

Security Bulletin

This security bulletin contains information about 14 vulnerabilities.

1) Infinite loop

EUVDB-ID: #VU61391

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-0778

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: before 12.0

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000220650/dsa-2023-459-security-update-for-dell-powerscale-onefs-for-multiple-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Buffer overflow

EUVDB-ID: #VU56063

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3711

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in EVP_PKEY_decrypt() function within implementation of the SM2 decryption. A remote attacker can send specially crafted SM2 content for decryption to trigger a buffer overflow by 62 bytes and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: before 12.0

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000220650/dsa-2023-459-security-update-for-dell-powerscale-onefs-for-multiple-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU56064

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3712

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing ASN.1 strings related to a confusion with NULL termination of strings in array. A remote attacker can pass specially crafted data to the application to trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: before 12.0

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000220650/dsa-2023-459-security-update-for-dell-powerscale-onefs-for-multiple-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU59106

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30004

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to insufficient validation of user-supplied input in tls/pkcs1.c and tls/x509v3.c files in wpa_supplicant and hostapd when handling AlgorithmIdentifier parameters. A remote attacker can pass specially crafted input to the application and perform MitM attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: before 12.0

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000220650/dsa-2023-459-security-update-for-dell-powerscale-onefs-for-multiple-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Race condition

EUVDB-ID: #VU54162

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8670

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the firmware . A local administrator can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: before 12.0

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000220650/dsa-2023-459-security-update-for-dell-powerscale-onefs-for-multiple-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU9883

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-5715

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: before 12.0

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000220650/dsa-2023-459-security-update-for-dell-powerscale-onefs-for-multiple-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Out-of-bounds write

EUVDB-ID: #VU76168

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-25537

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in System Management Mode. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: before 12.0

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000220650/dsa-2023-459-security-update-for-dell-powerscale-onefs-for-multiple-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU71995

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0215

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the BIO_new_NDEF function. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.


Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: before 12.0

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000220650/dsa-2023-459-security-update-for-dell-powerscale-onefs-for-multiple-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Type Confusion

EUVDB-ID: #VU71992

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0286

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error related to X.400 address processing inside an X.509 GeneralName. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and perform a denial of service (DoS) attack or read memory contents.

In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: before 12.0

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000220650/dsa-2023-459-security-update-for-dell-powerscale-onefs-for-multiple-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Double Free

EUVDB-ID: #VU71996

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4450

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the PEM_read_bio_ex() function. A remote attacker can pass specially crafted PEM file to the application, trigger a double free error and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: before 12.0

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000220650/dsa-2023-459-security-update-for-dell-powerscale-onefs-for-multiple-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information Exposure Through Timing Discrepancy

EUVDB-ID: #VU71993

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4304

CWE-ID: CWE-208 - Information Exposure Through Timing Discrepancy

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain sensitive information.

The vulnerability exists due to a timing based side channel exists in the OpenSSL RSA Decryption implementation. A remote attacker can perform a Bleichenbacher style attack and decrypt data sent over the network.

To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: before 12.0

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000220650/dsa-2023-459-security-update-for-dell-powerscale-onefs-for-multiple-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper Initialization

EUVDB-ID: #VU72451

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32231

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper initialization in the BIOS firmware. A local user can run a specially crafted application to execute arbitrary code with escalated privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: before 12.0

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000220650/dsa-2023-459-security-update-for-dell-powerscale-onefs-for-multiple-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper access control

EUVDB-ID: #VU72449

Risk: Low

CVSSv3.1: 6.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26343

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in the BIOS firmware. A local privileged user can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: before 12.0

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000220650/dsa-2023-459-security-update-for-dell-powerscale-onefs-for-multiple-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds write

EUVDB-ID: #VU75395

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38578

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in MdeModulePkg/Core/PiSmmCore/PiSmmCore.c. A local user trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: before 12.0

CPE2.3 External links

http://www.dell.com/support/kbdoc/nl-nl/000220650/dsa-2023-459-security-update-for-dell-powerscale-onefs-for-multiple-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###