Lucene search

DellCVELIST:CVE-2022-32498

HistoryJul 20, 2022 - 8:55 p.m.

CVE-2022-32498

2022-07-2020:55:24

CWE-427

dell

www.cve.org

dell emc powerstore

dll hijacking vulnerability

pstcli

local attacker

arbitrary code

privilege escalation

software allow list solutions

system takeover

ip exposure

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

EPSS

0.001

Percentile

25.9%

JSON

Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure.

CNA Affected

[
  {
    "product": "PowerStore",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "v3.0.0.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/000201283

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

EPSS

0.001

Percentile

25.9%

JSON

Related for CVELIST:CVE-2022-32498