Multiple vulnerabilities in Dell PowerStore X
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 37 |
| CVE-ID | CVE-2021-3572 CVE-2024-21131 CVE-2024-21140 CVE-2024-21144 CVE-2024-21147 CVE-2024-21138 CVE-2024-21145 CVE-2024-5535 CVE-2023-5752 CVE-2024-37371 CVE-2020-14343 CVE-2020-25659 CVE-2023-52323 CVE-2023-32681 CVE-2024-31146 CVE-2024-31145 CVE-2024-37370 CVE-2022-2309 CVE-2024-1975 CVE-2024-2961 CVE-2024-1737 CVE-2023-45288 CVE-2023-48161 CVE-2022-28506 CVE-2021-40633 CVE-2024-33601 CVE-2024-33602 CVE-2024-33600 CVE-2023-5517 CVE-2024-33599 CVE-2022-41853 CVE-2024-3651 CVE-2024-28180 CVE-2023-50387 CVE-2023-50868 CVE-2023-6516 CVE-2023-4408 |
| CWE-ID | CWE-20 CWE-125 CWE-77 CWE-385 CWE-203 CWE-200 CWE-399 CWE-388 CWE-476 CWE-400 CWE-119 CWE-122 CWE-401 CWE-770 CWE-617 CWE-121 CWE-749 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #11 is available. Public exploit code for vulnerability #14 is available. Vulnerability #20 is being exploited in the wild. Public exploit code for vulnerability #22 is available. Public exploit code for vulnerability #31 is available. Public exploit code for vulnerability #34 is available. Public exploit code for vulnerability #35 is available. |
| Vulnerable software |
PowerStore 9000X Hardware solutions / Firmware PowerStore 7000X Hardware solutions / Firmware PowerStore 5000X Hardware solutions / Firmware PowerStore 3000X Hardware solutions / Firmware PowerStore 1000X Hardware solutions / Firmware PowerStoreX OS Hardware solutions / Firmware |
| Vendor | Dell |
Security Bulletin
This security bulletin contains information about 37 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU62512
Risk: Medium
CVSSv4.0: 4.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-3572
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to manipulate data.
The vulnerability exists due to improper input validation within the Policy (python-pip) component in Oracle Communications Cloud Native Core Policy. A remote authenticated user can exploit this vulnerability to manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU94559
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21131
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU94557
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21140
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper input validation
EUVDB-ID: #VU94558
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21144
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Concurrency component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper input validation
EUVDB-ID: #VU94555
Risk: Medium
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21147
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper input validation
EUVDB-ID: #VU94560
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21138
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper input validation
EUVDB-ID: #VU94556
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-21145
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the 2D component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU93424
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-5535
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the SSL_select_next_proto() function when using NPN. A remote attacker can send specially crafted data to the application, trigger an out-of-bounds read and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Command Injection
EUVDB-ID: #VU84849
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-5752
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper input validation when installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip. A remote attacker who controls the repository can use the specified Mercurial revision to inject arbitrary configuration options to the "hg clone" call (ie "--config").
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds read
EUVDB-ID: #VU93519
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-37371
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling GSS message token. A remote attacker can send specially crafted token to the application, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Input validation error
EUVDB-ID: #VU54520
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2020-14343
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input when processing untrusted YAML files through the full_load method or with the FullLoader loader. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system by abusing the python/object/new constructor.
Note, the vulnerability exists due to incomplete patch for vulnerability #VU25823.
Install update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
12) Covert Timing Channel
EUVDB-ID: #VU50367
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-25659
CWE-ID:
CWE-385 - Covert Timing Channel
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Observable discrepancy
EUVDB-ID: #VU85747
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52323
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a side-channel attack.
The vulnerability exists due to observable discrepancy, which allows the side-channel leakage for OAEP decryption. A remote attacker can perform a Manger attack and gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Information disclosure
EUVDB-ID: #VU77164
Risk: Medium
CVSSv4.0: 5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2023-32681
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
15) Resource management error
EUVDB-ID: #VU96007
Risk: Medium
CVSSv4.0: 6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-31146
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to improper management of shared resources when using PCI pass-through. A malicious guest can escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper error handling
EUVDB-ID: #VU96006
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-31145
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to improper error handling in x86 IOMMU identity mapping. A malicious guest can access memory regions related to other guests or the hypervisor.
Install update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU93518
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-37370
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) NULL pointer dereference
EUVDB-ID: #VU66813
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-2309
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the iterwalk() function. A remote attacker can pass specially crafted XML data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Resource exhaustion
EUVDB-ID: #VU94711
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-1975
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Buffer overflow
EUVDB-ID: #VU88822
Risk: High
CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-2961
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the iconv() function when converting string to the ISO-2022-CN-EXT character set. A remote attacker can pass specially crafted input to the application, trigger a 4 byte buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
21) Resource management error
EUVDB-ID: #VU94710
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-1737
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling a very large number of RRs. Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Resource exhaustion
EUVDB-ID: #VU88184
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2023-45288
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single HTTP/2 stream. A remote attacker can send specially crafted HTTP/2 requests to the server and perform a denial of service (DoS) attack. MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
23) Out-of-bounds read
EUVDB-ID: #VU87208
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-48161
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the DumpSCreen2RGB() function in gif2rgb.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Heap-based buffer overflow
EUVDB-ID: #VU87207
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-28506
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the DumpScreen2RGB() function in gif2rgb.c. A remote attacker can pass specially crafted file to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Memory leak
EUVDB-ID: #VU87206
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-40633
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within the gif2rgb() function in util/gif2rgb.c. A remote attacker can force the application to leak memory and perform denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Allocation of Resources Without Limits or Throttling
EUVDB-ID: #VU89710
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-33601
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The
vulnerability exists due to the Name Service Cache Daemon (nscd) can terminate the service during its startup. A local use can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Buffer overflow
EUVDB-ID: #VU89709
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-33602
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to netgroup cache assumes NSS callback is using in-buffer strings in nscd binary. A remote attacker can trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) NULL pointer dereference
EUVDB-ID: #VU89711
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-33600
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when nscd cache fails to add a not-found netgroup response to the cache. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Reachable Assertion
EUVDB-ID: #VU86382
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-5517
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when querying RFC 1918 reverse zones. A remote attacker can send a specially crafted DNS query and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Stack-based buffer overflow
EUVDB-ID: #VU89712
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-33599
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in nscd binary. A remote unauthenticated attacker can exhaust the nscd fixed size cache to trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Install update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Exposed dangerous method or function
EUVDB-ID: #VU69302
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2022-41853
CWE-ID:
CWE-749 - Exposed Dangerous Method or Function
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to missing authorization when using java.sql.Statement or java.sql.PreparedStatement in hsqldb. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
32) Resource exhaustion
EUVDB-ID: #VU88828
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-3651
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the idna.encode() function. A remote attacker can pass an overly long domain name to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Resource exhaustion
EUVDB-ID: #VU87538
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-28180
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when decompressing JWE with Decrypt or DecryptMulti. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Resource exhaustion
EUVDB-ID: #VU86377
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2023-50387
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation when processing DNSSEC related records. A remote attacker can trigger resource exhaustion by forcing the DNS server to query a specially crafted DNSSEC zone and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
35) Resource exhaustion
EUVDB-ID: #VU86378
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2023-50868
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation when processing DNSSEC related records. A remote attacker can trigger resource exhaustion by forcing the DNS server to query a specially crafted DNSSEC zone and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
36) Resource exhaustion
EUVDB-ID: #VU86379
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-6516
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when processing specific recursive patterns. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack against the DNS resolver.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Resource exhaustion
EUVDB-ID: #VU86383
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-4408
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when parsing DNS messages. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerStore 9000X: All versions
PowerStore 7000X: All versions
PowerStore 5000X: All versions
PowerStore 3000X: All versions
PowerStore 1000X: All versions
PowerStoreX OS: before 3.2.1.5-2424458
CPE2.3- cpe:2.3:h:dell:powerstore_9000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_7000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_5000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_3000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstore_1000x:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerstorex_os:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
