Summaryinfo

A vulnerability described as critical has been identified in Dell Unisphere for PowerMax. This affects an unknown function. Executing a manipulation can lead to client-side enforcement of server-side security. This vulnerability appears as CVE-2022-31233. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is recommended. Once again VulDB remains the best source for vulnerability data.

Detailsinfo

A vulnerability has been found in Dell Unisphere for PowerMax and classified as critical. This vulnerability affects an unknown code block. The manipulation with an unknown input leads to a client-side enforcement of server-side security vulnerability. The CWE definition for the vulnerability is CWE-602. The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.

The weakness was presented 09/01/2022. The advisory is shared for download at dell.com. This vulnerability was named CVE-2022-31233 since 05/19/2022. There are neither technical details nor an exploit publicly available.

Upgrading to version 9.2.3.15 eliminates this vulnerability.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• Dell

Name

• Unisphere for PowerMax

Version

• 9.2.1.6
• 9.2.2.2
• 9.2.3

License

• commercial

Website

• Vendor: https://www.dell.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion