Multiple vulnerabilities in Dell PowerStoreT OS



Risk: Critical

Patch available: YES

Number of vulnerabilities: 15

CVE-ID: CVE-2024-45021, CVE-2024-45310, CVE-2024-6232, CVE-2024-7348, CVE-2023-50782, CVE-2024-46695, CVE-2024-45003, CVE-2023-45142, CVE-2024-44946, CVE-2024-41087, CVE-2024-36971, CVE-2022-48945, CVE-2022-48911, CVE-2022-1996, CVE-2023-47108

CWE-ID: CWE-665, CWE-362, CWE-185, CWE-367, CWE-203, CWE-667, CWE-416, CWE-400, CWE-415, CWE-119, CWE-942

Exploitation vector: Network

Public exploit: Public exploit code for vulnerability #9 is available. Vulnerability #11 is being exploited in the wild.
Vulnerable software
PowerStore 9200T
Hardware solutions / Firmware

PowerStore 9000T
Hardware solutions / Firmware

PowerStore 7000T
Hardware solutions / Firmware

PowerStore 5200T
Hardware solutions / Firmware

PowerStore 5000T
Hardware solutions / Firmware

PowerStore 3200T
Hardware solutions / Firmware

PowerStore 3000T
Hardware solutions / Firmware

PowerStore 1200T
Hardware solutions / Firmware

PowerStore 1000T
Hardware solutions / Firmware

PowerStore 500T
Hardware solutions / Firmware

PowerStoreT OS
Hardware solutions / Firmware

Vendor Dell

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Improper Initialization

EUVDB-ID: #VU97184

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45021

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerStore 9200T: All versions

PowerStore 9000T: All versions

PowerStore 7000T: All versions

PowerStore 5200T: All versions

PowerStore 5000T: All versions

PowerStore 3200T: All versions

PowerStore 3000T: All versions

PowerStore 1200T: All versions

PowerStore 1000T: All versions

PowerStore 500T: All versions

PowerStoreT OS: before 3.6.1.5-2456810

External links

https://www.dell.com/support/kbdoc/nl-nl/000300020/dsa-2025-147-dell-powerstore-t-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Race condition

EUVDB-ID: #VU96712

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45310

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to create empty files and directories on the host.

The vulnerability exists due to a race condition when handling containers with custom configuration. A remote attacker can trick the victim into running a specially crafted Docker or Kubernetes container, which can be used to share a volume between two containers and then exploit a race with os.MkdirAll to create empty files or directories in arbitrary locations in the host filesystem.

Successful exploitation of the vulnerability may allow an attacker to perform a denial of service attack against the host system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerStore 9200T: All versions

PowerStore 9000T: All versions

PowerStore 7000T: All versions

PowerStore 5200T: All versions

PowerStore 5000T: All versions

PowerStore 3200T: All versions

PowerStore 3000T: All versions

PowerStore 1200T: All versions

PowerStore 1000T: All versions

PowerStore 500T: All versions

PowerStoreT OS: before 3.6.1.5-2456810

External links

https://www.dell.com/support/kbdoc/nl-nl/000300020/dsa-2025-147-dell-powerstore-t-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Incorrect Regular Expression

EUVDB-ID: #VU96745

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-6232

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of .tar archives when processing them with regular expressions. A remote attacker can pass specially crafted data to the application and perform a regular expression denial of service (ReDoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerStore 9200T: All versions

PowerStore 9000T: All versions

PowerStore 7000T: All versions

PowerStore 5200T: All versions

PowerStore 5000T: All versions

PowerStore 3200T: All versions

PowerStore 3000T: All versions

PowerStore 1200T: All versions

PowerStore 1000T: All versions

PowerStore 500T: All versions

PowerStoreT OS: before 3.6.1.5-2456810

External links

https://www.dell.com/support/kbdoc/nl-nl/000300020/dsa-2025-147-dell-powerstore-t-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU95605

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-7348

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges within the database.

The vulnerability exists due to a race condition when executing concurrent pg_dump sessions. A remote user with privileges to create and drop non-temporary objects can execute arbitrary SQL commands with the privileges of the role running pg_dump (which is often a superuser).

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerStore 9200T: All versions

PowerStore 9000T: All versions

PowerStore 7000T: All versions

PowerStore 5200T: All versions

PowerStore 5000T: All versions

PowerStore 3200T: All versions

PowerStore 3000T: All versions

PowerStore 1200T: All versions

PowerStore 1000T: All versions

PowerStore 500T: All versions

PowerStoreT OS: before 3.6.1.5-2456810

External links

https://www.dell.com/support/kbdoc/nl-nl/000300020/dsa-2025-147-dell-powerstore-t-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Observable discrepancy

EUVDB-ID: #VU88199

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-50782

CWE-ID: CWE-203 - Observable discrepancy

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerStore 9200T: All versions

PowerStore 9000T: All versions

PowerStore 7000T: All versions

PowerStore 5200T: All versions

PowerStore 5000T: All versions

PowerStore 3200T: All versions

PowerStore 3000T: All versions

PowerStore 1200T: All versions

PowerStore 1000T: All versions

PowerStore 500T: All versions

PowerStoreT OS: before 3.6.1.5-2456810

External links

https://www.dell.com/support/kbdoc/nl-nl/000300020/dsa-2025-147-dell-powerstore-t-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper locking

EUVDB-ID: #VU97268

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46695

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smack_inode_notifysecctx() function in security/smack/smack_lsm.c and within the selinux_inode_notifysecctx() function in security/selinux/hooks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerStore 9200T: All versions

PowerStore 9000T: All versions

PowerStore 7000T: All versions

PowerStore 5200T: All versions

PowerStore 5000T: All versions

PowerStore 3200T: All versions

PowerStore 3000T: All versions

PowerStore 1200T: All versions

PowerStore 1000T: All versions

PowerStore 500T: All versions

PowerStoreT OS: before 3.6.1.5-2456810

External links

https://www.dell.com/support/kbdoc/nl-nl/000300020/dsa-2025-147-dell-powerstore-t-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU96843

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45003

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the inode_lru_list_del(), evict() and inode_lru_isolate() functions in fs/inode.c. A local user can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerStore 9200T: All versions

PowerStore 9000T: All versions

PowerStore 7000T: All versions

PowerStore 5200T: All versions

PowerStore 5000T: All versions

PowerStore 3200T: All versions

PowerStore 3000T: All versions

PowerStore 1200T: All versions

PowerStore 1000T: All versions

PowerStore 500T: All versions

PowerStoreT OS: before 3.6.1.5-2456810

External links

https://www.dell.com/support/kbdoc/nl-nl/000300020/dsa-2025-147-dell-powerstore-t-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource exhaustion

EUVDB-ID: #VU83546

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-45142

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect processing of the HTTP User-Agent header and the HTTP method. A remote attacker can send multiple requests with long randomly generated HTTP methods and/or User-Agent values and consume memory resources, leading to a denial of service condition.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerStore 9200T: All versions

PowerStore 9000T: All versions

PowerStore 7000T: All versions

PowerStore 5200T: All versions

PowerStore 5000T: All versions

PowerStore 3200T: All versions

PowerStore 3000T: All versions

PowerStore 1200T: All versions

PowerStore 1000T: All versions

PowerStore 500T: All versions

PowerStoreT OS: before 3.6.1.5-2456810

External links

https://www.dell.com/support/kbdoc/nl-nl/000300020/dsa-2025-147-dell-powerstore-t-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU96658

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2024-44946

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kcm_sendmsg(), KCM_STATS_ADD(), sk->sk_write_space() and init_kcm_sock() functions in net/kcm/kcmsock.c. A local user can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerStore 9200T: All versions

PowerStore 9000T: All versions

PowerStore 7000T: All versions

PowerStore 5200T: All versions

PowerStore 5000T: All versions

PowerStore 3200T: All versions

PowerStore 3000T: All versions

PowerStore 1200T: All versions

PowerStore 1000T: All versions

PowerStore 500T: All versions

PowerStoreT OS: before 3.6.1.5-2456810

External links

https://www.dell.com/support/kbdoc/nl-nl/000300020/dsa-2025-147-dell-powerstore-t-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

10) Double free

EUVDB-ID: #VU95008

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41087

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ata_host_alloc() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerStore 9200T: All versions

PowerStore 9000T: All versions

PowerStore 7000T: All versions

PowerStore 5200T: All versions

PowerStore 5000T: All versions

PowerStore 3200T: All versions

PowerStore 3000T: All versions

PowerStore 1200T: All versions

PowerStore 1000T: All versions

PowerStore 500T: All versions

PowerStoreT OS: before 3.6.1.5-2456810

External links

https://www.dell.com/support/kbdoc/nl-nl/000300020/dsa-2025-147-dell-powerstore-t-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU91597

Risk: Critical

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2024-36971

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, and within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.

Note: the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerStore 9200T: All versions

PowerStore 9000T: All versions

PowerStore 7000T: All versions

PowerStore 5200T: All versions

PowerStore 5000T: All versions

PowerStore 3200T: All versions

PowerStore 3000T: All versions

PowerStore 1200T: All versions

PowerStore 1000T: All versions

PowerStore 500T: All versions

PowerStoreT OS: before 3.6.1.5-2456810

External links

https://www.dell.com/support/kbdoc/nl-nl/000300020/dsa-2025-147-dell-powerstore-t-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

12) Buffer overflow

EUVDB-ID: #VU97681

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48945

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the vivid_vid_cap_s_selection() function in drivers/media/platform/vivid/vivid-vid-cap.c. A local user can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerStore 9200T: All versions

PowerStore 9000T: All versions

PowerStore 7000T: All versions

PowerStore 5200T: All versions

PowerStore 5000T: All versions

PowerStore 3200T: All versions

PowerStore 3000T: All versions

PowerStore 1200T: All versions

PowerStore 1000T: All versions

PowerStore 500T: All versions

PowerStoreT OS: before 3.6.1.5-2456810

External links

https://www.dell.com/support/kbdoc/nl-nl/000300020/dsa-2025-147-dell-powerstore-t-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU96410

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48911

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nf_queue_entry_dup() function in net/netfilter/nfnetlink_queue.c and within the nf_queue_entry_release_refs(), nf_queue_entry_get_refs() and __nf_queue() functions in net/netfilter/nf_queue.c. A local user can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerStore 9200T: All versions

PowerStore 9000T: All versions

PowerStore 7000T: All versions

PowerStore 5200T: All versions

PowerStore 5000T: All versions

PowerStore 3200T: All versions

PowerStore 3000T: All versions

PowerStore 1200T: All versions

PowerStore 1000T: All versions

PowerStore 500T: All versions

PowerStoreT OS: before 3.6.1.5-2456810

External links

https://www.dell.com/support/kbdoc/nl-nl/000300020/dsa-2025-147-dell-powerstore-t-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Overly permissive cross-domain whitelist

EUVDB-ID: #VU66447

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-1996

CWE-ID: CWE-942 - Overly Permissive Cross-domain Whitelist

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the CORS protection mechanism.

The vulnerability exists due to incorrect processing of the "Origin" HTTP header that is supplied within the HTTP request. A remote attacker can supply an arbitrary value via the "Origin" HTTP header, bypass the implemented CORS protection mechanism and perform cross-site scripting attacks against the vulnerable application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerStore 9200T: All versions

PowerStore 9000T: All versions

PowerStore 7000T: All versions

PowerStore 5200T: All versions

PowerStore 5000T: All versions

PowerStore 3200T: All versions

PowerStore 3000T: All versions

PowerStore 1200T: All versions

PowerStore 1000T: All versions

PowerStore 500T: All versions

PowerStoreT OS: before 3.6.1.5-2456810

External links

https://www.dell.com/support/kbdoc/nl-nl/000300020/dsa-2025-147-dell-powerstore-t-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Resource exhaustion

EUVDB-ID: #VU84507

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-47108

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the gRPC Unary Server Interceptor does not properly control consumption of internal resources when processing multiple requests. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerStore 9200T: All versions

PowerStore 9000T: All versions

PowerStore 7000T: All versions

PowerStore 5200T: All versions

PowerStore 5000T: All versions

PowerStore 3200T: All versions

PowerStore 3000T: All versions

PowerStore 1200T: All versions

PowerStore 1000T: All versions

PowerStore 500T: All versions

PowerStoreT OS: before 3.6.1.5-2456810

External links

https://www.dell.com/support/kbdoc/nl-nl/000300020/dsa-2025-147-dell-powerstore-t-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


