CVE-2022-33923

MEDIUM

Dell PowerStore <3.0.0.0 - Command Injection

Title source: llm
STIX 2.1

Description

Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in PowerStore T environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.dell.com/support/kbdoc/000201283

Scores

CVSS v3 6.4
EPSS 0.0025
EPSS Percentile 48.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (5)
dell/emc_powerstore_1200t_firmware < 3.0.0.0-1732745
dell/emc_powerstore_3200t_firmware < 3.0.0.0-1732745
dell/emc_powerstore_500t_firmware < 3.0.0.0-1732745
dell/emc_powerstore_5200t_firmware < 3.0.0.0-1732745
dell/emc_powerstore_9200t_firmware < 3.0.0.0-1732745
Published Jul 21, 2022
Tracked Since Feb 18, 2026