Multiple vulnerabilities in Dell PowerScale OneFS
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 49 |
| CVE-ID | CVE-2021-36299 CVE-2022-34417 CVE-2022-34418 CVE-2022-34419 CVE-2022-34420 CVE-2022-34421 CVE-2022-34422 CVE-2022-34423 CVE-2022-44640 CVE-2022-0778 CVE-2021-20235 CVE-2021-21581 CVE-2022-34415 CVE-2021-21580 CVE-2021-21579 CVE-2021-21578 CVE-2021-21577 CVE-2021-21576 CVE-2021-36301 CVE-2021-36300 CVE-2022-34435 CVE-2021-3712 CVE-2021-36348 CVE-2021-36347 CVE-2022-34416 CVE-2022-34414 CVE-2021-33103 CVE-2022-26343 CVE-2022-32231 CVE-2021-0154 CVE-2021-0153 CVE-2021-33123 CVE-2021-0190 CVE-2021-33122 CVE-2021-0189 CVE-2021-33124 CVE-2021-0159 CVE-2022-34413 CVE-2021-0188 CVE-2021-0155 CVE-2022-34377 CVE-2022-34376 CVE-2022-34406 CVE-2022-34407 CVE-2022-34408 CVE-2022-34409 CVE-2022-34410 CVE-2022-34411 CVE-2022-34412 |
| CWE-ID | CWE-89 CWE-119 CWE-835 CWE-787 CWE-79 CWE-74 CWE-601 CWE-20 CWE-264 CWE-125 CWE-121 CWE-441 CWE-284 CWE-665 CWE-248 CWE-691 CWE-823 CWE-466 CWE-252 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #10 is available. |
| Vulnerable software Subscribe |
PowerScale OneFS Hardware solutions / Firmware |
| Vendor | Dell |
Security Bulletin
This security bulletin contains information about 49 vulnerabilities.
1) SQL injection
EUVDB-ID: #VU66207
Risk: Medium
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36299
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU79416
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34417
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU79426
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34418
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU79425
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34419
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU79424
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34420
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU79432
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34421
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU79431
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34422
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU79430
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34423
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU69364
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-44640
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ASN.1 codec in Heimdal. The ASN.1 compiler generates code that allows specially crafted DER encodings of CHOICEs to invoke the wrong free function on the decoded structure upon decode error. This is known to impact the Heimdal KDC, leading to an invalid free() of an address partly or wholly under the control of the attacker. A remote attacker can execute arbitrary code on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Infinite loop
EUVDB-ID: #VU61391
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-0778
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
11) Out-of-bounds write
EUVDB-ID: #VU66176
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-20235
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in src/decoder_allocators.hpp. A remote attacker can send a specially crafted request to the zeromq server and trigger a buffer overflow write of arbitrary data if CURVE/ZAP authentication is not enabled.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Cross-site scripting
EUVDB-ID: #VU66210
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-21581
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Buffer overflow
EUVDB-ID: #VU79420
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34415
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper Neutralization of Special Elements in Output Used by a Downstream Component
EUVDB-ID: #VU62645
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-21580
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a Content spoofing / Text injection. A remote attacker can inject text to present a customized message on the application and phish users into believing that the message is legitimate.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Open redirect
EUVDB-ID: #VU62642
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-21579
CWE-ID:
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Open redirect
EUVDB-ID: #VU62639
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-21578
CWE-ID:
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Cross-site scripting
EUVDB-ID: #VU62637
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-21577
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Cross-site scripting
EUVDB-ID: #VU62636
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-21576
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds write
EUVDB-ID: #VU79520
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36301
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote privileged user can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU66209
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36300
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack or cause information disclosure.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU75574
Risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34435
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input in Racadm when the firmware lock-down configuration is set. A remote privileged user can bypass the firmware lock-down configuration and perform a firmware update.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds read
EUVDB-ID: #VU56064
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3712
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing ASN.1 strings related to a confusion with NULL termination of strings in array. A remote attacker can pass specially crafted data to the application to trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper Neutralization of Special Elements in Output Used by a Downstream Component
EUVDB-ID: #VU66170
Risk: Medium
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36348
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to sensitive information or perform a denial of service attack.
The vulnerability exists due to an unspecified error in iDRAC9. A remote usee can exploit this vulnerability to gain access to sensitive information or perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Stack-based buffer overflow
EUVDB-ID: #VU66164
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-36347
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. An authenticated remote user with high privileges can exploit this vulnerability to control process execution and gain access to the iDRAC operating system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Buffer overflow
EUVDB-ID: #VU79419
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34416
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Buffer overflow
EUVDB-ID: #VU79421
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34414
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing Microsoft Office files. A remote attacker can create a specially crafted Office document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Unintended proxy or intermediary
EUVDB-ID: #VU63178
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33103
CWE-ID:
CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to presence of an unintended proxy in the BIOS authenticated code module. A local user can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper access control
EUVDB-ID: #VU72449
Risk: Low
CVSSv3.1: 6.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-26343
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in the BIOS firmware. A local privileged user can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper Initialization
EUVDB-ID: #VU72451
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32231
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper initialization in the BIOS firmware. A local user can run a specially crafted application to execute arbitrary code with escalated privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Input validation error
EUVDB-ID: #VU63081
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-0154
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in the BIOS firmware. A local user can escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Out-of-bounds write
EUVDB-ID: #VU63082
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-0153
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the BIOS firmware. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improper access control
EUVDB-ID: #VU63083
Risk: Low
CVSSv3.1: 6.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33123
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system
The vulnerability exists due to improper access restrictions in the BIOS authenticated code module. A local user can obtain elevated privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Uncaught Exception
EUVDB-ID: #VU63099
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-0190
CWE-ID:
CWE-248 - Uncaught Exception
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to uncaught exception in the BIOS firmware. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Insufficient Control Flow Management
EUVDB-ID: #VU63175
Risk: Low
CVSSv3.1: 6.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33122
CWE-ID:
CWE-691 - Insufficient Control Flow Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient control flow management in the BIOS firmware. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Use of Out-of-range Pointer Offset
EUVDB-ID: #VU63176
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-0189
CWE-ID:
CWE-823 - Use of Out-of-range Pointer Offset
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to use of out-of-range pointer offset in the BIOS firmware. A local user can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Out-of-bounds write
EUVDB-ID: #VU63177
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33124
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the BIOS authenticated code module. A local user can run a specially crafted program to trigger an out-of-bounds write error and execute arbitrary code with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Input validation error
EUVDB-ID: #VU63179
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-0159
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in the BIOS authenticated code module. A local user can pass specially crafted data to the affected module and execute arbitrary code on the system with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Buffer overflow
EUVDB-ID: #VU79408
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34413
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Return of pointer value outside of expected range
EUVDB-ID: #VU63180
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-0188
CWE-ID:
CWE-466 - Return of pointer value outside of expected range
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary error in the BIOS firmware. A local user can force the firmware to return pointer value outside of expected range and gain access to potentially sensitive information.
Install update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Unchecked Return Value
EUVDB-ID: #VU63181
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-0155
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to unchecked return value in the BIOS firmware. A local user can gain access to potentially sensitive information.
Install update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Buffer overflow
EUVDB-ID: #VU79427
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34377
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Buffer overflow
EUVDB-ID: #VU79428
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34376
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Buffer overflow
EUVDB-ID: #VU79401
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34406
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Buffer overflow
EUVDB-ID: #VU79403
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34407
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.
Install update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Buffer overflow
EUVDB-ID: #VU79405
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34408
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Buffer overflow
EUVDB-ID: #VU79404
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34409
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.
Install update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Buffer overflow
EUVDB-ID: #VU79411
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34410
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Buffer overflow
EUVDB-ID: #VU79410
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34411
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Buffer overflow
EUVDB-ID: #VU79409
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34412
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to Improper SMM communication buffer verification. A local privileged user can send a specially crafted data, trigger memory corruption and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: before 11.7
CPE2.3Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
