Platform
dell
Component
dell-emc-cloudlink
Fixed in
7.1.3
CVE-2022-34379 describes an Authentication Bypass vulnerability affecting Dell EMC CloudLink versions prior to 7.1.3. This flaw allows a remote attacker, possessing knowledge of Active Directory usernames, to potentially bypass authentication controls and gain unauthorized access to the system. The vulnerability was published on September 1, 2022, and a fix is available in version 7.1.3.
The impact of CVE-2022-34379 is severe. Successful exploitation allows an attacker to bypass authentication and gain unauthorized access to the Dell EMC CloudLink system. This could lead to data breaches, system compromise, and potential disruption of services. Attackers could leverage this access to steal sensitive data, modify configurations, or even gain control of the entire CloudLink environment. The ability to leverage existing Active Directory credentials significantly lowers the barrier to entry for attackers, increasing the likelihood of exploitation.
CVE-2022-34379 is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, but the vulnerability's severity and ease of exploitation (requiring only knowledge of Active Directory usernames) suggest a potential for future exploitation. The vulnerability was publicly disclosed on September 1, 2022.
Organizations heavily reliant on Dell EMC CloudLink for their cloud management and orchestration needs are at significant risk. Specifically, environments with weak Active Directory password policies or those lacking multi-factor authentication are particularly vulnerable. Shared hosting environments utilizing CloudLink also present a heightened risk due to potential cross-tenant access.
• windows / dell:
  Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} | Where-Object { $_.Message -match 'CloudLink' }
• linux / server:
  journalctl -u cloudlink | grep -i authentication
• generic web:
  curl -I https://<cloudlink_ip>/admin/login.jsp | grep -i 'WWW-Authenticate'
Exploit Status
EPSS
1.41% (percentile 80%)
CVSS Vector
The primary mitigation for CVE-2022-34379 is to upgrade Dell EMC CloudLink to version 7.1.3 or later. If immediate upgrading is not feasible, consider implementing stricter Active Directory password policies and multi-factor authentication to reduce the risk of credential compromise. Review and restrict access permissions within CloudLink to limit the potential impact of a successful breach. Monitor CloudLink logs for suspicious authentication attempts and unauthorized access patterns.
Upgrade Dell EMC CloudLink to version 7.1.3 or later. This update fixes the authentication bypass vulnerability. See Dell's security bulletin for more details and upgrade instructions.
CVE-2022-34379 is a critical vulnerability in Dell EMC CloudLink versions prior to 7.1.3 that allows remote attackers with Active Directory username knowledge to bypass authentication and gain unauthorized access.
You are affected if you are running Dell EMC CloudLink versions prior to 7.1.3. Verify your version and upgrade immediately if vulnerable.
Upgrade Dell EMC CloudLink to version 7.1.3 or later to remediate the vulnerability. Implement stricter Active Directory policies as an interim measure.
While no widespread exploitation has been publicly confirmed, the vulnerability's severity and ease of exploitation suggest a potential for future attacks.
Refer to the official Dell Security Advisory: https://www.dell.com/support/kbdoc/en-us/000193568/security-update-for-dell-emc-cloudlink-authentication-bypass-vulnerability