CVE-2022-22561

8.1 HIGH

📋 TL;DR

Dell PowerScale OneFS versions 8.2.x through 9.3.0.x have an authentication rate limiting vulnerability that allows unauthenticated remote attackers to perform brute-force attacks. This could lead to compromised administrative or user accounts on affected storage systems.

💻 Affected Systems

Products:
  • Dell PowerScale OneFS
Versions: 8.2.x through 9.3.0.x
Operating Systems: OneFS operating system
Default Config Vulnerable: ⚠️ Yes
Notes: All PowerScale clusters running affected OneFS versions are vulnerable in default configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access to the storage system, allowing data theft, destruction, or ransomware deployment across the entire storage infrastructure.

🟠 Likely Case

Attackers compromise user accounts with weak passwords, gaining access to sensitive data stored on the affected PowerScale systems.

🟢 If Mitigated

Attack attempts are detected and blocked by network controls, with strong passwords preventing successful brute-force.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation makes internet-facing systems particularly vulnerable to automated attacks.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this, but network segmentation reduces exposure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Brute-force attacks are well-understood and easily automated, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: OneFS 9.4.0.0 and later

Vendor Advisory: https://www.dell.com/support/kbdoc/000195815

Restart Required: No

Instructions:

1. Check the current OneFS version with 'isi version'.
2. If vulnerable, upgrade to OneFS 9.4.0.0 or later following Dell's upgrade procedures.
3. No cluster restart is required for patch application.

🔧 Temporary Workarounds

Network Access Control (all): Restrict access to PowerScale management interfaces to trusted networks only

Account Lockout Policy (all): Implement external authentication with account lockout policies via LDAP/AD integration

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate PowerScale management interfaces
  • Enforce strong password policies and multi-factor authentication for all accounts

🔍 How to Verify

Check if Vulnerable:

Run 'isi version' on a PowerScale node and check whether the reported version falls between 8.2.x and 9.3.0.x.

Check Version:

isi version

Verify Fix Applied:

Run 'isi version' and confirm the reported version is 9.4.0.0 or higher.
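The version check above is easy to get wrong by hand across a fleet of clusters (9.0.x and 9.1.x sit inside the affected range even though they do not look like "8.2.x through 9.3.0.x" at a glance). The script below is an added example, not Dell's or the advisory's own tooling: it pulls the release token out of `isi version` output and classifies it against the range this page states. The `OneFS v<a>.<b>.<c>.<d>` token format and the sample output line are assumptions; confirm them against a real node before relying on the regex.

```python
"""Classify `isi version` output against the CVE-2022-22561 affected range.

Added example; the output layout below is constructed, not captured from a cluster.
"""
import re

# Constructed sample output. The "OneFS v<a>.<b>.<c>.<d>" token is an assumption
# about how the release string is printed; verify it on your own cluster.
SAMPLE_OUTPUT = "Isilon OneFS v9.2.1.0 B_9_2_1_001(RELEASE): ..."

AFFECTED_LOW = (8, 2)       # first affected release line per the advisory: 8.2.x
AFFECTED_HIGH = (9, 3, 0)   # last affected release line per the advisory: 9.3.0.x
FIXED_FROM = (9, 4, 0, 0)   # vendor fix version per the advisory

VERSION_RE = re.compile(r"OneFS v(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?")


def parse_onefs_version(text):
    """Return the release as a 4-tuple of ints, e.g. (9, 2, 1, 0)."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no OneFS version token found in output")
    # A missing fourth component is treated as 0 so tuples compare cleanly.
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def classify(version):
    """Map a version tuple to 'fixed', 'affected' or 'not listed'."""
    if version >= FIXED_FROM:
        return "fixed"
    if version[:2] >= AFFECTED_LOW and version[:3] <= AFFECTED_HIGH:
        return "affected"
    # Outside the range the advisory names; treat as unknown, not as safe.
    return "not listed"


def check_output(text):
    """Convenience wrapper: (dotted version string, classification)."""
    v = parse_onefs_version(text)
    return ".".join(map(str, v)), classify(v)


if __name__ == "__main__":
    print(check_output(SAMPLE_OUTPUT))
```

A release that is neither in the stated affected range nor at or above 9.4.0.0 is reported as "not listed" rather than "fixed"; the advisory does not say such releases are safe, so the script does not either.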

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts from single IP
  • Unusual authentication patterns in access logs

Network Indicators:

  • High volume of authentication requests to PowerScale management ports
  • Brute-force patterns in network traffic

SIEM Query:

source="powerscale" AND (event_type="authentication_failure" AND count > 10 within 5 minutes)
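The SIEM query above is pseudo-syntax; the logic it expresses (more than 10 authentication failures from one source inside a 5-minute window) is a sliding-window count per source IP. The script below is an added example, not part of this page or of any OneFS tooling: it runs that logic over constructed log lines in an assumed `timestamp source_ip user result` layout, flagging the one source that hammers the admin account while leaving a user who mistypes a password a few times over an hour alone. Real OneFS audit and authentication log formats differ, so `parse_line` is the piece to adapt.

```python
"""Sliding-window brute-force detection over authentication log lines.

Added example with constructed input; adapt parse_line() to the real log format.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)
THRESHOLD = 10  # flag a source once it exceeds this many failures inside WINDOW


def build_sample_log():
    """Constructed sample lines: '<ISO timestamp> <source_ip> <user> <result>'."""
    base = datetime(2022, 3, 1, 10, 0, 0)
    lines = []
    # 12 failures in under three minutes from one source: the brute-force pattern.
    for i in range(12):
        ts = (base + timedelta(seconds=15 * i)).isoformat()
        lines.append(f"{ts} 203.0.113.7 admin FAILURE")
    # 3 failures spread over 40 minutes from another source: a user mistyping.
    for i in range(3):
        ts = (base + timedelta(minutes=20 * i)).isoformat()
        lines.append(f"{ts} 198.51.100.5 alice FAILURE")
    lines.append(f"{(base + timedelta(minutes=1)).isoformat()} 198.51.100.5 alice SUCCESS")
    return lines


def parse_line(line):
    """Split one log line into (datetime, ip, user, result)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result


def detect_bruteforce(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {ip: peak failures seen inside one window} for sources over threshold."""
    events = sorted(parse_line(l) for l in lines if l.strip())
    recent = defaultdict(deque)  # per-IP timestamps of failures still inside the window
    hits = {}
    for ts, ip, _user, result in events:
        if result != "FAILURE":
            continue
        q = recent[ip]
        q.append(ts)
        # Drop failures older than the window relative to the newest one.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            hits[ip] = max(hits.get(ip, 0), len(q))
    return hits


if __name__ == "__main__":
    for ip, peak in detect_bruteforce(build_sample_log()).items():
        print(f"possible brute-force from {ip}: {peak} failures within {WINDOW}")
```

Counting per source IP matches the page's "multiple failed authentication attempts from single IP" indicator; a source that rotates addresses would need the same window keyed on the target username instead, which is a one-line change to the dictionary key.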
