Headline
CVE-2022-33918: DSA-2022-183: Dell GeoDrive Security Update for Multiple Vulnerabilities
Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure vulnerability. An authenticated non-admin user could potentially exploit this vulnerability and gain access to sensitive information.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| --- | --- | --- | --- |
| CVE-2022-33919 | Dell GeoDrive, versions 2.1 - 2.2 contain an information disclosure vulnerability in UI. An authenticated nonadmin user may potentially exploit this vulnerability and view sensitive information. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-33920 | Dell GeoDrive versions before 2.2 contain Unquoted File Path Vulnerabilities. A low privilege attacker may potentially exploit this vulnerability, leading to execution of arbitrary code in the SYSTEM security context. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-33937 | Dell GeoDrive versions before 2.2 contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker may potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server file system, with the privileges of the GeoDrive service: NT AUTHORITY\SYSTEM | 7.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| CVE-2022-33921 | Dell GeoDrive versions before 2.2 contain Multiple DLL Hijacking Vulnerabilities. A low privilege attacker may potentially exploit this vulnerability, leading to execution of arbitrary code in the SYSTEM security context. | 7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-33922 | Dell GeoDrive versions before 2.2 contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker may potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell Technologies recommends customers to upgrade at the earliest opportunity. | 7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-33918 | Dell GeoDrive versions 2.1 - 2.2 contain an information disclosure vulnerability. An authenticated nonadmin user may potentially exploit this vulnerability and gain access to sensitive information. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Dell Technologies recommends that all customers consider both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of a particular security vulnerability.
Affected Products and Remediation
Revision History
| Revision | Date | Description |
| --- | --- | --- |
| 1.0 | 2022-09-22 | Initial Release |
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
22 Sep 2022