CVE-2022-34380 Vulnerability Details

  /     /     /  

CVE-2022-34380 Metadata Quick Info

CVE Published: 01/09/2022 | CVE Updated: 16/09/2024 | CVE Year: 2022
Source: dell | Vendor: Dell | Product: CloudLink
Status : PUBLISHED

---

CVE-2022-34380 Description

Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system.

Metrics

CVSS Version: 3.1 | Base Score: 9.3 CRITICAL
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-287
CWE Name: CWE-287: Improper Authentication
Source: Dell

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).