Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-34380

Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system.

Published

2022-09-01T19:15:12.527

Last Modified

2024-11-21T07:09:23.513

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.3 (CRITICAL)

Weaknesses

Type: Secondary
CWE-287
Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dell	cloudlink	< 7.1.4	Yes

References

https://www.dell.com/support/kbdoc/en-us/000202058/dsa-2022-210-dell-emc-cloudlink-security-update-for-multiple-security-vulnerabilities Mitigation, Patch, Vendor Advisory ([email protected])
https://www.dell.com/support/kbdoc/en-us/000202058/dsa-2022-210-dell-emc-cloudlink-security-update-for-multiple-security-vulnerabilities Mitigation, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)