CVE-2022-34426 Dell Container Storage Modules 1.2 has an improper limitation of a pathname to a restricted directory which could lead to OS command injection.

The vulnerability is present in the goiscsi 7.12 and gobrick 7.12 components. An attacker could exploit the vulnerability by sending requests to a REST API with an empty search string that leads to a path outside of the restricted directory. Dell Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in the goiscsi and gobrick libraries, which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability, leading to unintended access to a path outside of the restricted directory.
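The kind of check that closes this class of flaw, as an added Go example (not code from goiscsi, gobrick or Dell's patch): it rejects an empty name, which `filepath.Join` would otherwise resolve to the restricted directory itself, and any name that cleans to a path outside it. The function name `ResolveInside` and the sample directories and names are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when a name does not resolve strictly below base.
var ErrOutsideBase = errors.New("path escapes restricted directory")

// ResolveInside (hypothetical helper) joins an untrusted name onto base and
// returns the cleaned path only if it lies strictly inside base.
func ResolveInside(base, name string) (string, error) {
	// Empty or blank input: Join(base, "") returns base itself, so a later
	// glob or listing would run over the whole directory, not one entry.
	if strings.TrimSpace(name) == "" {
		return "", ErrOutsideBase
	}
	// Policy choice: callers supply relative names only.
	if filepath.IsAbs(name) {
		return "", ErrOutsideBase
	}
	cleanBase := filepath.Clean(base)
	candidate := filepath.Join(cleanBase, name) // Join also collapses ".." segments
	rel, err := filepath.Rel(cleanBase, candidate)
	if err != nil {
		return "", ErrOutsideBase
	}
	// "." means the base itself; ".." or "../..." means above the base.
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return candidate, nil
}

func main() {
	base := "/srv/restricted" // constructed sample directory
	// Constructed sample inputs: one valid name, then the cases to refuse.
	for _, name := range []string{"vol1/data", "", "a/..", "../../etc", "/etc/passwd"} {
		p, err := ResolveInside(base, name)
		fmt.Printf("%q -> %q err=%v\n", name, p, err)
	}
}
```

The check is lexical only; where the restricted directory can contain symlinks, resolve the result with `filepath.EvalSymlinks` and repeat the containment test before using it.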

Solution

Dell has released a patch for CVE-2022-34426.

References:

CVE-2022-34426: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34426
Dell Storage Modules 1.2: https://support.dell.com/support/edocs/systemsmanagement/dsm/pages/operating_systemsmanagement_troubleshooting_guidance

Timeline

Published on: 10/11/2022 17:15:00 UTC
Last modified on: 10/14/2022 14:00:00 UTC
