CVE-2022-34427
 
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of intended OS command execution.
Dell Container Storage Modules versión 1.2, contiene una inyección de comandos del Sistema Operativo en las bibliotecas goiscsi y gobrick. Un atacante remoto no autenticado podría explotar esta vulnerabilidad, conllevando a una modificación de la ejecución de comandos del Sistema Operativo
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-06-23 CVE Reserved
- 2022-10-11 CVE Published
- 2024-06-04 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.dell.com/support/kbdoc/en-vc/000203352/dsa-2022-259-dell-container-storage-modules-security-update-for-multiple-vulnerabilities | 2022-10-13 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Dell Search vendor "Dell" | Container Storage Modules Search vendor "Dell" for product "Container Storage Modules" | >= 1.3.0 < 2.0.0 Search vendor "Dell" for product "Container Storage Modules" and version " >= 1.3.0 < 2.0.0" | - |
Affected
|