Improper Access Control in Dell XtremIO X2 Management Software
CVE-2022-34453

7.6HIGH

Key Information:

Vendor: Dell
Status: Xtremio X2
Vendor: CVE Published:; 3 August 2023

Summary

Dell XtremIO X2 Management Software versions preceding 6-4-1.11 are susceptible to an improper access control vulnerability. This allows remote read-only users to execute commands that can add or delete Quality of Service (QoS) policies, which are typically disabled by default. This flaw poses a risk to the integrity of the management software, potentially leading to unauthorized configurations and alterations.

Affected Version(s)

XtremIO X2 All releases prior to 6.4.1-11

References

https://www.dell.com/support/kbdoc/en-us/000204809/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 3, 2023
Vulnerability Reserved
Jun 23, 2022