Impact
Dell PowerFlex Manager, for versions earlier than 5.1.0.1, has an Improper Authentication flaw that enables an unauthenticated attacker who can reach the manager through adjacent network access to potentially exploit it, resulting in unauthorized access. This weakness allows the attacker to bypass credential checks and interact with the management interface, potentially executing privileged actions, accessing sensitive data, or altering configuration settings. The failure to properly enforce authentication compromises confidentiality, integrity, and availability for the PowerFlex environment.
Affected Systems
Dell PowerFlex Manager is the affected product. Specific version numbers are not disclosed in the advisory. Any deployment of the manager component that matches the description of adjacent network access exposure is potentially vulnerable.
Risk and Exploitability
The CVSS base score of 8.1 places the issue in the high severity range, and the EPSS score of less than 1% indicates a very low likelihood of exploitation, at least as of this assessment. The vulnerability is not listed in CISA’s KEV catalog. The attack likely requires local or subnet-level network proximity, allowing a non‑authenticated user to reach the manager interface. If successful, the attacker can bypass authentication controls and gain unauthorized access to the PowerFlex management plane.
OpenCVE Enrichment