CVE-2022-31228: Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a brute-force vulnerability
The specific version of XtremIO where this vulnerability is present is not publicly released. The only way to know whether your XtremIO system is vulnerable is to check the XtremIO version. For example, if the version listed in the XtremIO settings is prior to X2 6.4.0-22, then your XtremIO system is vulnerable and you should patch it immediately.
In order to patch your XtremIO system quickly and easily, we recommend contacting your system administrator.
What is the severity of this vulnerability?
This vulnerability has been assigned a CVSS Base Score of 7.
CVSS is an industry standard for measuring the severity and likelihood of vulnerabilities in software. This score represents the base risk and is relative to other software or applications that are considered vulnerable based on their relative complexity and the type of attack used to exploit them.
How to determine the XtremIO version
To determine the XtremIO version, you can use the following steps:
1. Browse to the XtremIO Settings menu
2. On the left side of the menu, you should see a drop-down menu with a heading called "version." If your system has been patched or if this is a new installation, you should see "X2 6.4.0-22." If your system is vulnerable and needs to be patched, then it will show as "Unreleased" or "Unsupported."
3. Selecting an older version of XtremIO for your system will display all of the upgrade options for that version of XtremIO.
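The version check above can be applied to a list of systems at once. The following is an added example, not code from Dell or from this page. It assumes versions are reported in the form "X2 6.4.0-22" (with the "X2" prefix optional); the host names and every sample version other than 6.4.0-22 are constructed.

```python
import re

FIXED = (6, 4, 0, 22)  # X2 6.4.0-22, the fixed version named on this page
# Per the page, an unpatched system may show one of these labels instead of a number.
VULNERABLE_LABELS = {"unreleased", "unsupported"}
# Assumed format: optional "X2" prefix, then major.minor.patch-build.
_VERSION_RE = re.compile(r"^(?:X2\s+)?(\d+)\.(\d+)\.(\d+)-(\d+)$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, patch, build), or None if the string is not in that form."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def classify(text):
    """Return 'vulnerable', 'patched' or 'unknown' for one reported version string."""
    if text.strip().lower() in VULNERABLE_LABELS:
        return "vulnerable"
    version = parse_version(text)
    if version is None:
        return "unknown"  # do not guess: flag the system for manual review
    # Tuples compare numerically field by field, so 6.4.0-9 sorts before
    # 6.4.0-22 (a plain string comparison would get this wrong).
    return "vulnerable" if version < FIXED else "patched"


def audit(inventory):
    """Map host name -> status for a dict of host name -> reported version."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory for illustration only.
SAMPLE = {
    "xio-a": "X2 6.4.0-22",
    "xio-b": "X2 6.4.0-9",
    "xio-c": "6.3.3-8",
    "xio-d": "Unsupported",
    "xio-e": "X2 6.10.0-1",
    "xio-f": "n/a",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Systems reported as "unknown" did not match the assumed format and should be checked by hand rather than treated as patched.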
Timeline
Published on: 10/12/2022 20:15:00 UTC
Last modified on: 10/14/2022 20:13:00 UTC