CVE-2022-23159

low-risk
Published 2022-04-12

Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends to update at the earliest opportunity.

Do I need to act?

-
0.20% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.8/10 Medium
NETWORK / HIGH complexity

Affected Products (1)

Affected Vendors

Dell

References (2)

Patch https://www.dell.com/support/kbdoc/000196009
Patch https://www.dell.com/support/kbdoc/000196009
21
/ 100
low-risk
Severity 15/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal