CVE-2022-32498
published 2022-07-21CVE-2022-32498: Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to…
PriorityP337high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
0.18%
7.5th percentile
Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | powerstore | >= unspecified < v3.0.0.0 | v3.0.0.0 |
| dell | powerstore_command_line_interface | < 3.0.0.0-1732745 | 3.0.0.0-1732745 |
| openstack | nova | 0 – 27.4.0 | — |
| openstack | nova | 28.0.0 – 28.2.0 | — |
| openstack | nova | 29.0.0 – 29.1.0 | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ghsa5.7MEDIUM
vendor_redhat5.7MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
ghsa·2024-07-24·CVSS 5.7
CVE-2024-40767 [MEDIUM] CWE-436 OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.
GHSA
GHSA-g8x4-8c3g-88qx: Dell EMC PowerStore, Versions prior to v3
ghsa_unreviewed·2022-07-22
CVE-2022-32498 [HIGH] CWE-427 GHSA-g8x4-8c3g-88qx: Dell EMC PowerStore, Versions prior to v3
Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure.
Red Hat
openstack-nova: Regression VMDK/qcow arbitrary file access
vendor_redhat·2024-07-23·CVSS 5.7
CVE-2024-40767 [MEDIUM] CWE-552 openstack-nova: Regression VMDK/qcow arbitrary file access
openstack-nova: Regression VMDK/qcow arbitrary file access
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.
An arbitrary file access flaw was found in Nova. By supplying a RAW format image, a specially crafted QCOW2 image with a backing file path, or a VMDK flat image with a descriptor file path, an authenticated user may conv
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-07-21
Published