CVE-2022-34380

Опубликовано: 01 сент. 2022

Источник: nvd

CVSS3: 9.3

CVSS3: 8.2

EPSS Низкий

Описание

Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system.

Ссылки

https://www.dell.com/support/kbdoc/en-us/000202058/dsa-2022-210-dell-emc-cloudlink-security-update-for-multiple-security-vulnerabilities
Mitigation
Patch
Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000202058/dsa-2022-210-dell-emc-cloudlink-security-update-for-multiple-security-vulnerabilities
Mitigation
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dell:cloudlink:*:*:*:*:*:*:*:*

Версия до 7.1.4 (исключая)

EPSS

Процентиль: 15%

0.00049

Низкий

9.3 Critical

CVSS3

8.2 High

CVSS3

Дефекты

CWE-287

Связанные уязвимости

GHSA-pv49-7hj2-g6cv

CVSS3: 8.2

github

больше 3 лет назад

EPSS

Процентиль: 15%

0.00049

Низкий

9.3 Critical

CVSS3

8.2 High

CVSS3

Дефекты

CWE-287