Description
Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning.
Published: 2026-06-17
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell PowerFlex Manager versions older than 4.5.1.1 allow an attacker to bypass TLS certificate validation, satisfying the conditions of improper certificate validation. The flaw can be exploited by an unauthenticated, remote adversary to intercept or alter communications, effectively enabling a man‑in‑the‑middle attack. This vulnerability is classified under CWE-295.

Affected Systems

Dell PowerFlex Manager is affected in all releases prior to 4.5.1.1, regardless of deployment size or architecture. No further vendor or product granularity is available from the CNA data.

Risk and Exploitability

The likely attack vector is a remote, unauthenticated attacker capable of sending traffic that the Dell PowerFlex Manager accepts while bypassing certificate validation. Based on the description, it is inferred that the attacker can hijack communications or perform a man‑in‑the‑middle attack, especially if DNS cache poisoning is used to redirect traffic. The CVSS score of 6.5 indicates moderate severity. The EPSS score of less than 1% suggests a low probability of exploitation in the wild, and the vulnerability is not currently listed in the CISA KEV catalog. Because the flaw is exploitable remotely and does not require privileged access, it could be leveraged by an attacker in any network region that can reach the Manager interface, especially in conjunction with DNS cache poisoning to redirect traffic.

Generated by OpenCVE AI on June 18, 2026 at 19:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell PowerFlex Manager security update to version 4.5.1.1 or newer as provided in the Dell security advisory.
  • Configure the Manager to enforce strict TLS certificate validation and reject self‑signed or unsigned certificates.
  • Harden DNS infrastructure to prevent or detect cache poisoning, e.g., enable DNSSEC or monitor for anomalous NXDomain responses.
  • Monitor network traffic for TLS anomalies and investigate potential man‑in‑the‑middle attempts.

Generated by OpenCVE AI on June 18, 2026 at 19:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerflex Manager
Vendors & Products Dell
Dell powerflex Manager

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning.
Weaknesses CWE-295
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Dell Powerflex Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-17T15:16:12.957Z

Reserved: 2024-09-25T05:22:37.837Z

Link: CVE-2024-47477

cve-icon Vulnrichment

Updated: 2026-06-17T15:16:09.125Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T19:30:15Z

Weaknesses
  • CWE-295

    Improper Certificate Validation