CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2023-32449
https://notcve.org/view.php?id=CVE-2023-32449
Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks • https://www.dell.com/support/kbdoc/en-us/000215171/dsa-2023-173-dell-powerstore-family-security-update-for-multiple-vulnerabilities • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-33923
https://notcve.org/view.php?id=CVE-2022-33923
Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in PowerStore T environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker. Dell PowerStore, versiones anteriores a 3.0.0.0, contiene una vulnerabilidad de inyección de comandos del Sistema Operativo en el entorno PowerStore T. Un atacante autenticado localmente podría potencialmente explotar esta vulnerabilidad, conllevando a una ejecución de un comando de SO arbitrario en el SO subyacente de PowerStore. • https://www.dell.com/support/kbdoc/000201283 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-31234
https://notcve.org/view.php?id=CVE-2022-31234
Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts Vulnerability in PowerStore Manager GUI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users. Dell EMC PowerStore, contiene una vulnerabilidad de restricción inapropiada de intentos de autenticación excesivos en la GUI de PowerStore Manager. Un atacante remoto no autenticado podría explotar esta vulnerabilidad, conllevando a forzar la contraseña. • https://www.dell.com/support/kbdoc/000201283 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.7EPSS: 0%CPEs: 10EXPL: 0CVE-2022-22555
https://notcve.org/view.php?id=CVE-2022-22555
Dell EMC PowerStore, contains an OS command injection Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege. Dell EMC PowerStore, contiene una vulnerabilidad de inyección de comandos del Sistema Operativo. Un atacante autenticado localmente podría potencialmente explotar esta vulnerabilidad, conllevando a una ejecución de comandos de SO arbitrarios en el SO subyacente de PowerStore, con los privilegios de la aplicación vulnerable. • https://www.dell.com/support/kbdoc/000201283 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •