PT-2022-18115 · Dell EMC · Dell EMC PowerStore
Published: 2022-06-02 · Updated: 2022-06-13
CVE-2022-26868
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Dell EMC PowerStore versions 2.0.0.x through 2.1.0.x
Description
The issue is a command injection flaw that allows an authenticated attacker to execute arbitrary OS commands on the application's underlying OS with the privileges of the vulnerable application. This could potentially lead to a system takeover by an attacker.
Recommendations
For versions 2.0.0.x, 2.0.1.x, and 2.1.0.x, consider restricting access to the system until a patch is available to prevent exploitation of the command injection flaw.
As a temporary workaround, consider disabling any functionality that allows command execution on the underlying OS to minimize the risk of exploitation.
Restrict access to the vulnerable application to minimize the risk of system takeover by an attacker.
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Dell EMC PowerStore