Authentication Bypass Vulnerability in Dell CloudLink
CVE-2022-34380

9.3CRITICAL

Key Information:

Vendor: Dell
Status: ClouD-Link
Vendor: CVE Published:; 1 September 2022

What is CVE-2022-34380?

Dell CloudLink versions 7.1.3 and earlier are susceptible to an authentication bypass vulnerability that allows a local attacker with high privileges to gain unauthorized access to the CloudLink system console. This vulnerability can be exploited through alternate paths or channels, compromising the integrity of the CloudLink system.

Affected Version(s)

CloudLink < 7.1.4

References

https://www.dell.com/support/kbdoc/en-us/000202058/dsa-20...

x_refsource_MISC

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 1, 2022
Vulnerability Reserved
Jun 23, 2022