CVE-2022-31229

9.6 CRITICAL

📋 TL;DR

Dell PowerScale OneFS versions 8.2.x through 9.3.0.x contain an error message that discloses sensitive information. A privileged administrator who triggers the error condition can read information that should not be disclosed to them and potentially use it to reach resources beyond their intended scope. Only OneFS clusters running an affected version are impacted.

💻 Affected Systems

Products:
  • Dell PowerScale OneFS
Versions: 8.2.x through 9.3.0.x
Operating Systems: OneFS
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation requires a privileged administrator account; unprivileged users cannot trigger the disclosure.

📦 What is this software?

OneFS is the operating system that runs Dell PowerScale (formerly EMC Isilon) scale-out NAS clusters. It provides the clustered file system served over NFS, SMB and other protocols, together with the web administration interface, the 'isi' command line and the Platform API that administrators use to manage the cluster.

⚠️ Risk & Real-World Impact

🔴

Worst Case

A privileged administrator uses the information leaked in error messages to reach resources beyond their intended scope, potentially exposing data across the storage cluster.

🟠

Likely Case

A privileged administrator deliberately triggers the error condition to read restricted information they would not otherwise see.

🟢

If Mitigated

With strict administrator access controls and monitoring in place, the impact is confined to the disclosed information itself; no further resource compromise follows.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a privileged administrator account and consists of triggering the error condition whose message carries the sensitive information; no memory corruption or authentication bypass is involved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.3.0.1 and later (as stated here; because the affected range is given as 8.2.x through 9.3.0.x, confirm the exact remediated build or roll-up patch for your release train in the Dell advisory below before treating a 9.3.0.x cluster as fixed)

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000200681/dsa-2022-118-dell-emc-powerscale-onefs-security-update

Restart Required: Yes

Instructions:

1. Download the remediated OneFS release or roll-up patch for your release train from Dell Support.
2. Apply it following Dell's documented upgrade procedure; OneFS upgrades are performed cluster-wide (rolling or simultaneous), so schedule a maintenance window.
3. Reboot nodes as the procedure requires, then confirm the new version with 'isi version'.

🔧 Temporary Workarounds

Restrict Administrator Access

Applies to: all affected versions

Limit administrator accounts to trusted personnel, use OneFS role-based access control to grant each administrator only the privileges their duties require, and review membership of privileged roles regularly.

Enhanced Monitoring

Applies to: all affected versions

Forward OneFS logs to a SIEM, watch for administrators repeatedly triggering error conditions, and alert when an error message carries credential-like or otherwise sensitive content.

🧯 If You Can't Patch

  • Implement strict least-privilege access controls for all administrator accounts.
  • Deploy enhanced monitoring and alerting for error messages containing sensitive information.

🔍 How to Verify

Check if Vulnerable:

Run 'isi version' on the cluster CLI and check whether the reported version falls between 8.2.x and 9.3.0.x.

Check Version:

isi version

Verify Fix Applied:

After patching, run 'isi version' and confirm the reported version is 9.3.0.1 or later, or matches the remediated build named in the Dell advisory.
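As an added illustration (not from the original page or from Dell), here is a small Python script that parses the output of 'isi version' and classifies it against the range above. The sample 'isi version' line is constructed, the parser relies only on the four-part version token, and the boundaries (affected from 8.2.0.0, remediated from 9.3.0.1) are this page's stated values; confirm them against the Dell advisory before acting on the result.

```python
"""Classify an OneFS release against the CVE-2022-31229 version range.

Added example, not Dell's code. The `isi version` output below is
constructed (real output may differ in layout); the parser relies only
on the `vMAJOR.MINOR.PATCH.BUILD` token. The boundaries are the values
stated on this page (affected 8.2.x through 9.3.0.x, remediated
9.3.0.1 and later); confirm them against the Dell advisory before
relying on the result.
"""
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int, int]

AFFECTED_FROM: Version = (8, 2, 0, 0)    # first affected train (8.2.x)
REMEDIATED_FROM: Version = (9, 3, 0, 1)  # first fixed version as stated on this page

# Matches e.g. "v9.2.1.0" or "9.2.1.0"; build strings like B_9_2_1_012 use
# underscores and are deliberately not matched.
VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample of what `isi version` prints on a cluster node.
SAMPLE_ISI_VERSION = (
    "Isilon OneFS v9.2.1.0 B_9_2_1_012(RELEASE): 0x902010000000000C:"
    "Thu Nov 11 12:00:00 PST 2021"
)


def parse_onefs_version(text: str) -> Optional[Version]:
    """Return the first four-part version found in `isi version` output, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, build = (int(g) for g in m.groups())
    return (major, minor, patch, build)


def classify(text: str,
             affected_from: Version = AFFECTED_FROM,
             remediated_from: Version = REMEDIATED_FROM) -> str:
    """Map `isi version` output to one of: unknown, below-range, affected, remediated."""
    v = parse_onefs_version(text)
    if v is None:
        return "unknown"
    if v < affected_from:
        return "below-range"   # older than 8.2.x; not listed in the affected range
    if v < remediated_from:
        return "affected"
    return "remediated"


def check_local_cluster() -> str:
    """Run `isi version` on an OneFS node and classify it (only works on OneFS)."""
    out = subprocess.run(["isi", "version"], capture_output=True,
                         text=True, check=True).stdout
    return classify(out)


if __name__ == "__main__":
    print(classify(SAMPLE_ISI_VERSION))  # affected
```

Run check_local_cluster() on a node (or feed classify() the output collected over SSH from each node of the cluster); a mixed result across nodes means an upgrade is still in progress.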

📡 Detection & Monitoring

Log Indicators:

  • Error messages containing sensitive information in system logs
  • Unusual administrator activity triggering error conditions

SIEM Query:

source="OneFS" AND ("error" OR "sensitive" OR "disclosure")

This keyword query is only a starting point and is noisy: the words "sensitive" and "disclosure" rarely appear in log lines, and "error" matches most of them. Tune it to your actual OneFS log source name and narrow it to error entries attributed to administrator accounts.
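An added detection example (not part of the original page and not OneFS code) that does what the "error messages containing sensitive information" indicator asks for with less noise than the keyword query: it scans error-level log lines for secret-shaped values. The log lines are constructed, and because this page does not say which field the OneFS error message leaks, the patterns are generic credential heuristics rather than a signature for CVE-2022-31229 itself.

```python
"""Flag error-log lines whose message carries secret-shaped values.

Added example, not part of this page's original content or of OneFS.
The log lines are constructed; this page does not say which field the
OneFS error message leaks, so the patterns are generic heuristics for
credential material (key=value secrets, bearer tokens, private keys,
long hex strings) rather than a signature for CVE-2022-31229 itself.
"""
import re
from typing import Dict, List

# Heuristics for values that should never appear in an error message.
SECRET_PATTERNS = [
    ("keyval_secret", re.compile(
        r"(?i)\b(password|passwd|pwd|secret|token|api[_-]?key)\s*[=:]\s*\S+")),
    ("bearer_token", re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]{16,}")),
    ("private_key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("long_hex", re.compile(r"\b[0-9a-f]{32,}\b")),
]

# Lines that represent an error condition (the page's concern is error text).
ERROR_MARKER = re.compile(r"(?i)\b(error|err|fail(?:ed|ure)?|exception|traceback)\b")

# Constructed syslog-style sample; not real OneFS output.
SAMPLE_LOG = [
    "2022-06-01T10:00:01Z node1 isi_api[1234]: INFO user=admin GET /platform/1/auth/users rc=200",
    "2022-06-01T10:00:02Z node1 isi_api[1234]: ERROR ldap bind cn=svc,dc=corp failed with password=Hunter2! (rc=49)",
    "2022-06-01T10:00:03Z node1 isi_api[1234]: INFO session created token=eyJhbGciOiJIUzI1NiJ9.c2Vzc2lvbg",
    "2022-06-01T10:00:04Z node1 isi_api[1234]: ERROR auth failed for user=bob: invalid credentials",
    "2022-06-01T10:00:05Z node1 isi_job_d[777]: ERROR job 17 failed: /ifs/.snapshot: Permission denied",
]


def redact(match_text: str) -> str:
    """Keep the field name, hide the value, so the alert does not re-leak the secret."""
    for sep in ("=", ":"):
        key, found, _ = match_text.partition(sep)
        if found:
            return f"{key.strip()}{sep}***"
    return match_text[:4] + "***"


def find_leaks(lines: List[str], error_only: bool = True) -> List[Dict[str, object]]:
    """Return one hit per matching line: line number, pattern name, redacted match."""
    hits: List[Dict[str, object]] = []
    for n, line in enumerate(lines, 1):
        if error_only and not ERROR_MARKER.search(line):
            continue
        for name, pat in SECRET_PATTERNS:
            m = pat.search(line)
            if m:
                hits.append({"line_no": n, "pattern": name, "match": redact(m.group(0))})
                break  # one alert per line is enough
    return hits


if __name__ == "__main__":
    for hit in find_leaks(SAMPLE_LOG):
        print(hit)  # {'line_no': 2, 'pattern': 'keyval_secret', 'match': 'password=***'}
```

With error_only=True only line 2 is flagged (an ERROR line carrying a bind password); the INFO line with a session token is skipped because the page's concern is error messages. Pass error_only=False to treat any secret-shaped value in any line as an alert, and feed the redacted "match" field, not the raw line, into the SIEM event so the alert itself does not propagate the secret.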

🔗 References

  • Dell advisory DSA-2022-118: https://www.dell.com/support/kbdoc/en-us/000200681/dsa-2022-118-dell-emc-powerscale-onefs-security-update
