Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in PowerStore T environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker.
References
Link | Resource |
---|---|
https://www.dell.com/support/kbdoc/000201283 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
30 Jul 2022, 01:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:dell:emc_powerstore_1200t:-:*:*:*:*:*:*:* cpe:2.3:o:dell:emc_powerstore_500t_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dell:emc_powerstore_3200t:-:*:*:*:*:*:*:* cpe:2.3:o:dell:emc_powerstore_9200t_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dell:emc_powerstore_1200t_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dell:emc_powerstore_5200t:-:*:*:*:*:*:*:* cpe:2.3:o:dell:emc_powerstore_3200t_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dell:emc_powerstore_5200t_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dell:emc_powerstore_9200t:-:*:*:*:*:*:*:* cpe:2.3:h:dell:emc_powerstore_500t:-:*:*:*:*:*:*:* |
|
CWE | CWE-78 | |
First Time |
Dell emc Powerstore 3200t Firmware
Dell emc Powerstore 1200t Firmware Dell emc Powerstore 500t Dell emc Powerstore 1200t Dell emc Powerstore 5200t Firmware Dell emc Powerstore 500t Firmware Dell emc Powerstore 5200t Dell emc Powerstore 3200t Dell emc Powerstore 9200t Firmware Dell Dell emc Powerstore 9200t |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References | (MISC) https://www.dell.com/support/kbdoc/000201283 - Patch, Vendor Advisory |
21 Jul 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-21 04:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-33923
Mitre link : CVE-2022-33923
CVE.ORG link : CVE-2022-33923
JSON object : View
Products Affected
dell
- emc_powerstore_500t_firmware
- emc_powerstore_5200t_firmware
- emc_powerstore_1200t_firmware
- emc_powerstore_500t
- emc_powerstore_9200t_firmware
- emc_powerstore_9200t
- emc_powerstore_3200t_firmware
- emc_powerstore_3200t
- emc_powerstore_5200t
- emc_powerstore_1200t
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')