Description
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
Published: 2026-05-22
Score: 3.6 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell PowerFlex Manager versions up to 4.6.2 include a use of a broken or risky cryptographic algorithm in the SSH component. An attacker with low privileges and local access could exploit this flaw, allowing the bypass of protection mechanisms. This results in the attacker gaining additional permissions or executing privileged operations beyond their authorized scope, a weakness identified as CWE-327.

Affected Systems

Affected systems are Dell PowerFlex Manager, including the standard, appliance, and rack variants, all running any revision 4.6.2 or earlier.

Risk and Exploitability

Based on the description, it is inferred that the CVSS score of 3.6 indicates low severity, and the EPSS score was not published, implying a low likelihood of known exploitation. Based on the description, it is inferred that the vulnerability requires local access by a low‑privileged user, so remote exploitation is unlikely. The risk is mitigated by enforcing least‑privilege local accounts and monitoring for misuse. No CISA KEV listing is present.

Generated by OpenCVE AI on May 22, 2026 at 15:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Dell PowerFlex Manager security updates when they are released, as specified in Dell's support documentation.
  • Upgrade to any Dell PowerFlex Manager version newer than 4.6.2.
  • Limit local accounts that can access SSH and enforce strong cipher suites to avoid weak cryptographic algorithms.

Generated by OpenCVE AI on May 22, 2026 at 15:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 22 May 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 22 May 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerflex Manager
Dell powerflex Manager Appliance
Dell powerflex Manager Rack
Vendors & Products Dell
Dell powerflex Manager
Dell powerflex Manager Appliance
Dell powerflex Manager Rack

Fri, 22 May 2026 16:15:00 +0000

Type Values Removed Values Added
Title Weak SSH Cryptographic Algorithm Enables Local Privilege Escalation in PowerFlex Manager

Fri, 22 May 2026 14:30:00 +0000

Type Values Removed Values Added
Description Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
Weaknesses CWE-327
References
Metrics cvssV3_1

{'score': 3.6, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N'}

Subscriptions

Dell Powerflex Manager Powerflex Manager Appliance Powerflex Manager Rack
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-05-22T16:24:54.849Z

Reserved: 2025-04-23T05:03:43.136Z

Link: CVE-2025-46371

cve-icon Vulnrichment

Updated: 2026-05-22T16:24:50.411Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-22T17:00:14Z

Weaknesses