CVE-2022-22555

MEDIUM

Dell EMC PowerStore - Command Injection

Title source: llm

Description

Dell EMC PowerStore, contains an OS command injection Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.

Exploits (1)

nomisec NO CODE

by colaoo123 · poc

https://github.com/colaoo123/cve-2022-22555

View Code ZIP pw:eip

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.dell.com/support/kbdoc/000201283

Scores

CVSS v3 6.0

EPSS 0.0056

EPSS Percentile 68.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Details

CWE

CWE-78

Status published

Products (5)

dell/emc_powerstore_1200t_firmware < 3.0.0.0-1732745

dell/emc_powerstore_3200t_firmware < 3.0.0.0-1732745

dell/emc_powerstore_500t_firmware < 3.0.0.0-1732745

dell/emc_powerstore_5200t_firmware < 3.0.0.0-1732745

dell/emc_powerstore_9200t_firmware < 3.0.0.0-1732745

Published Jul 21, 2022

Tracked Since Feb 18, 2026