Lucene search

DellCVE-2022-32498

HistoryJul 21, 2022 - 4:15 a.m.

CVE-2022-32498

2022-07-2104:15:12

CWE-427

dell

web.nvd.nist.gov

cve-2022-32498

dell emc powerstore

dll hijacking

pstcli

vulnerability

security

exploit

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

25.9%

JSON

Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure.

Affected configurations

Nvd

Vulners

Node

dellpowerstore_command_line_interfaceRange<3.0.0.0-1732745linux

VendorProductVersionCPE
dellpowerstore_command_line_interface*cpe:2.3:a:dell:powerstore_command_line_interface:*:*:*:*:*:linux:*:*

Vendor	Product	Version	CPE
dell	powerstore_command_line_interface	*	cpe:2.3:a:dell:powerstore_command_line_interface::::::linux::*

CNA Affected

[
  {
    "product": "PowerStore",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "v3.0.0.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/000201283

Social References

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

25.9%

JSON

Related for CVE-2022-32498