CVE-2022-31233 — Client-Side Enforcement of Server-Side Security in Dell Unisphere FOR Powermax

CWE-602 — Client-Side Enforcement of Server-Side Security CWE-669 — Incorrect Resource Transfer Between Spheres3 documents3 sources

Severity

8.0HIGHNVD

CNA6.3

EPSS

0.1%

top 70.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Unisphere FOR Powermax Dell Evasa Provider Virtual Appliance Dell Solutions Enabler +5 more

Timeline

PublishedAug 31

Latest updateSep 1

Description

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages8 packages

▶CVEListV5dell/unisphere_for_powermaxunspecified — 9.2.3.15

▶NVDdell/unisphere< 9.2.3.15

▶NVDdell/unisphere_360< 9.2.3.6

▶NVDdell/powermax_os5978

▶NVDdell/vasa< 9.2.3.15

Patches

Patch: www.dell.com ↗Patch: www.dell.com ↗

🔴Vulnerability Details

GHSA

GHSA-x88j-4p5j-6442: Unisphere for PowerMax versions before 9↗2022-09-01

▶

CVEList

CVE-2022-31233: Unisphere for PowerMax versions before 9↗2022-08-31

▶