CVE-2022-32498 - Vulnerability Details - OpenCVE

Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00055.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Powerstore Command Line Interface

Configuration 1 [-]

cpe:2.3:a:dell:powerstore_command_line_interface:*:*:*:*:*:linux:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-35570	Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.dell.com/support/kbdoc/000201283

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2022-07-20T20:55:24.343479Z

Updated: 2024-09-17T01:41:21.354Z

Reserved: 2022-06-06T00:00:00

Link: CVE-2022-32498

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-07-21T04:15:12.767

Modified: 2024-11-21T07:06:29.463

Link: CVE-2022-32498

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "PowerStore", "vendor": "Dell", "versions": [{"lessThan": "v3.0.0.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-07-07T00:00:00", "descriptions": [{"lang": "en", "value": "Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427: Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-20T20:55:24", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.dell.com/support/kbdoc/000201283"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2022-07-07", "ID": "CVE-2022-32498", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PowerStore", "version": {"version_data": [{"version_affected": "<", "version_value": "v3.0.0.0"}]}}]}, "vendor_name": "Dell"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure."}]}, "impact": {"cvss": {"baseScore": 5.5, "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-427: Uncontrolled Search Path Element"}]}]}, "references": {"reference_data": [{"name": "https://www.dell.com/support/kbdoc/000201283", "refsource": "MISC", "url": "https://www.dell.com/support/kbdoc/000201283"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:46:43.374Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/000201283"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2022-32498", "datePublished": "2022-07-20T20:55:24.343479Z", "dateReserved": "2022-06-06T00:00:00", "dateUpdated": "2024-09-17T01:41:21.354Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:powerstore_command_line_interface:*:*:*:*:*:linux:*:*", "matchCriteriaId": "7FE54BC7-CBF6-4D77-AED4-E9BF5733A70F", "versionEndExcluding": "3.0.0.0-1732745", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure."}, {"lang": "es", "value": "Dell EMC PowerStore, versiones anteriores a v3.0.0.0, contienen una vulnerabilidad de secuestro de DLL en PSTCLI. Un atacante local puede explotar potencialmente esta vulnerabilidad para ejecutar c\u00f3digo arbitrario, escalar privilegios y omitir las soluciones de la lista de permisos del software, conllevando la toma de control del sistema o la exposici\u00f3n de la IP"}], "id": "CVE-2022-32498", "lastModified": "2024-11-21T07:06:29.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 4.7, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-21T04:15:12.767", "references": [{"source": "security_alert@emc.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/000201283"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/000201283"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "security_alert@emc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}