Design/Logic Flaw

2023-06-2207:15:00

PRIOn knowledge base

www.prio-n.com

dell powerstore

version 3.5

bypassing cryptographic

malicious binaries

high privileged user

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.5%

JSON

Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks

CPENameOperatorVersion
powerstoret_oseq< 3.5.0.0-2050321
powerstoret_oseq< 3.5.0.0-2050321
powerstoret_oseq< 3.5.0.0-2050321
powerstoret_oseq< 3.5.0.0-2050321
powerstoret_oseq< 3.5.0.0-2050321
powerstoret_oseq< 3.5.0.0-2050321
powerstoret_oseq< 3.5.0.0-2050321
powerstoret_oseq< 3.5.0.0-2050321
powerstoret_oseq< 3.5.0.0-2050321
powerstoret_oseq< 3.5.0.0-2050321

Name	Operator	Version
powerstoret_os	eq	< 3.5.0.0-2050321
powerstoret_os	eq	< 3.5.0.0-2050321
powerstoret_os	eq	< 3.5.0.0-2050321
powerstoret_os	eq	< 3.5.0.0-2050321
powerstoret_os	eq	< 3.5.0.0-2050321
powerstoret_os	eq	< 3.5.0.0-2050321
powerstoret_os	eq	< 3.5.0.0-2050321
powerstoret_os	eq	< 3.5.0.0-2050321
powerstoret_os	eq	< 3.5.0.0-2050321
powerstoret_os	eq	< 3.5.0.0-2050321