CVE-2022-34380 - OpenCVE

Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Dell	Cloudlink

Configuration 1 [-]

cpe:2.3:a:dell:cloudlink:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000202058/dsa-2022-210-dell-emc-cloudlink-security-update-for-multiple-security-vulnerabilities	Mitigation Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: dell

Published: 2022-08-01T00:00:00

Updated: 2022-09-01T18:45:19

Reserved: 2022-06-23T00:00:00

Link: CVE-2022-34380

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-01T19:15:12.527

Modified: 2022-09-07T14:48:10.243

Link: CVE-2022-34380

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "CloudLink", "vendor": "Dell", "versions": [{"lessThan": "7.1.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-08-01T00:00:00", "descriptions": [{"lang": "en", "value": "Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-01T18:45:19", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.dell.com/support/kbdoc/en-us/000202058/dsa-2022-210-dell-emc-cloudlink-security-update-for-multiple-security-vulnerabilities"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2022-08-01", "ID": "CVE-2022-34380", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CloudLink", "version": {"version_data": [{"version_affected": "<", "version_value": "7.1.4"}]}}]}, "vendor_name": "Dell"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system."}]}, "impact": {"cvss": {"baseScore": 9.3, "baseSeverity": "Critical", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-287: Improper Authentication"}]}]}, "references": {"reference_data": [{"name": "https://www.dell.com/support/kbdoc/en-us/000202058/dsa-2022-210-dell-emc-cloudlink-security-update-for-multiple-security-vulnerabilities", "refsource": "MISC", "url": "https://www.dell.com/support/kbdoc/en-us/000202058/dsa-2022-210-dell-emc-cloudlink-security-update-for-multiple-security-vulnerabilities"}]}}}}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2022-34380", "datePublished": "2022-08-01T00:00:00", "dateReserved": "2022-06-23T00:00:00", "dateUpdated": "2022-09-01T18:45:19", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:cloudlink:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DB2C20C-FD91-4129-814C-F8FCB23927AF", "versionEndExcluding": "7.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system."}, {"lang": "es", "value": "Dell CloudLink versiones 7.1.3 y todas las versiones anteriores contienen una vulnerabilidad de omisi\u00f3n de la autenticaci\u00f3n mediante una ruta o canal alternativo. Un atacante local con altos privilegios puede explotar potencialmente esta vulnerabilidad conllevando a una omisi\u00f3n de la autenticaci\u00f3n y el acceso a la consola del sistema CloudLink. Esto es una vulnerabilidad de gravedad cr\u00edtica, ya que permite al atacante tomar el control del sistema"}], "id": "CVE-2022-34380", "lastModified": "2022-09-07T14:48:10.243", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 6.0, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2022-09-01T19:15:12.527", "references": [{"source": "security_alert@emc.com", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000202058/dsa-2022-210-dell-emc-cloudlink-security-update-for-multiple-security-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "security_alert@emc.com", "type": "Secondary"}]}