The vulnerability is present in the goiscsi 7.12 and gobrick 7.12 components. An attacker could exploit the vulnerability by sending requests to a REST API with an empty search string that leads to a path outside of the restricted directory. Dell Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in the goiscsi and gobrick libraries, which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability, leading to unintended access to a path outside of the restricted directory.
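A defensive check for the condition described above, shown as an added example that is not code from goiscsi, gobrick or Dell. The helper name `ResolveUnderBase`, the error values and the sample base directory are hypothetical, and the check is lexical only (symlinks are not resolved).

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var (
	// ErrEmptyInput rejects the empty search string case up front.
	ErrEmptyInput = errors.New("empty search string")
	// ErrOutsideBase rejects anything that is not strictly under the base.
	ErrOutsideBase = errors.New("path escapes restricted directory")
)

// ResolveUnderBase (hypothetical helper) maps a caller-supplied relative
// name onto base and refuses results that are not an entry below base.
func ResolveUnderBase(base, name string) (string, error) {
	if strings.TrimSpace(name) == "" {
		return "", ErrEmptyInput
	}
	if filepath.IsAbs(name) {
		return "", ErrOutsideBase
	}
	absBase, err := filepath.Abs(base)
	if err != nil {
		return "", err
	}
	candidate := filepath.Join(absBase, name) // Join also cleans ".." segments
	rel, err := filepath.Rel(absBase, candidate)
	if err != nil {
		return "", err
	}
	// "." means the base itself; ".." or "../x" means a parent or sibling.
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return candidate, nil
}

func main() {
	// Constructed sample inputs, not taken from the advisory.
	for _, in := range []string{"disk0", "", "../etc/passwd", "a/../../x", "/etc/passwd", "sub/../disk1"} {
		p, err := ResolveUnderBase("/var/lib/restricted", in)
		fmt.Printf("%q -> %q, %v\n", in, p, err)
	}
}
```

Pass the returned path to any later file or command call as a single argument, never interpolated into a shell string.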

CVEs:

Solution

Dell has released a patch for CVE-2022-34426.

References:

CVE-2022-34426: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34426
Dell Storage Modules 1.2: https://support.dell.com/support/edocs/systemsmanagement/dsm/pages/operating_systemsmanagement_troubleshooting_guidance

Timeline

Published on: 10/11/2022 17:15:00 UTC
Last modified on: 10/14/2022 14:00:00 UTC
