Login Sign Up

CVE-2022-45099

7.8 HIGH

📋 TL;DR

This vulnerability in Dell PowerScale OneFS involves weak encoding for NDMP passwords, allowing a malicious privileged local attacker to potentially compromise the entire system. It affects versions 8.2.x through 9.4.x of Dell PowerScale OneFS.

💻 Affected Systems

Products:
  • Dell PowerScale OneFS
Versions: 8.2.x-9.4.x
Operating Systems: OneFS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires NDMP service to be configured and a malicious privileged local attacker.

📦 What is this software?

Emc Powerscale Onefs by Dell

View all CVEs affecting Emc Powerscale Onefs →

Emc Powerscale Onefs by Dell

View all CVEs affecting Emc Powerscale Onefs →

Emc Powerscale Onefs by Dell

View all CVEs affecting Emc Powerscale Onefs →

Emc Powerscale Onefs by Dell

View all CVEs affecting Emc Powerscale Onefs →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise leading to complete control over the PowerScale cluster, data exfiltration, and potential lateral movement to connected systems.

🟠

Likely Case

Privileged local attacker gains elevated access to the OneFS system, potentially accessing sensitive data and disrupting operations.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to unauthorized access attempts that can be detected and contained.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local privileged access to the system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: OneFS 9.5.0.0 and later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000206357/dell-emc-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities

Restart Required: Yes

Instructions:

1. Review Dell advisory DSA-2022-282. 2. Upgrade to OneFS 9.5.0.0 or later. 3. Apply all security patches. 4. Restart affected services.

🔧 Temporary Workarounds

Disable NDMP Service

linux

If NDMP functionality is not required, disable the service to eliminate the attack vector.

isi ndmp disable

Restrict Local Access

all

Implement strict access controls to limit local privileged users who could exploit this vulnerability.

🧯 If You Can't Patch

  • Implement network segmentation to isolate PowerScale systems from critical infrastructure.
  • Enhance monitoring and logging for suspicious local privilege escalation attempts.

🔍 How to Verify

Check if Vulnerable:

Check OneFS version with 'isi version' command. If version is between 8.2.x and 9.4.x, system is vulnerable.

Check Version:

isi version

Verify Fix Applied:

Verify version is 9.5.0.0 or later using 'isi version' command.

📡 Detection & Monitoring

Log Indicators:

  • Unusual NDMP authentication attempts
  • Privilege escalation patterns in system logs
  • Unauthorized access to sensitive files

Network Indicators:

  • Unexpected NDMP traffic patterns
  • Anomalous data transfers from PowerScale systems

SIEM Query:

source="powerscale" AND (event_type="authentication" OR event_type="privilege_escalation") AND result="failure"

📊 Metadata

CVE ID: CVE-2022-45099
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-261
Published: February 1, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-45099, you might also want to check these:

CVE-2025-31229 9.1

This vulnerability allows VoiceOver, Apple's screen reader accessibility feature, to audibly read de...

Same vulnerability type (CWE-261)
CVE-2021-21507 8.8

Dell networking devices with vulnerable firmware versions use weak password encryption, allowing rem...

Same vulnerability type (CWE-261)
CVE-2024-45273 8.4

CVE-2024-45273 allows an unauthenticated local attacker to decrypt device configuration files due to...

Same vulnerability type (CWE-261)