First published: Tue Apr 12 2022
Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard-coded credentials. This allows a local user with knowledge of the credentials to log in as the admin user to the backend Ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell EMC PowerScale OneFS | >=8.1.0 <=9.2.1.0 | |
The vulnerability ID for this Dell EMC PowerScale OneFS vulnerability is CVE-2022-22560.
Dell EMC PowerScale OneFS 8.1.x - 9.1.x are affected by this vulnerability.
This vulnerability has a severity level of high.
A local user with knowledge of the hard-coded credentials can log in as the admin user to the backend Ethernet switch of a PowerScale cluster and take the switch offline.
Yes, Dell has provided a fix for this vulnerability. Please refer to the reference link for more information.