Impact
Dell PowerFlex Manager has an Improper Access Control flaw described as CWE-284. Versions older than 5.1.0.1 are affected. A low privileged attacker who can reach the system over the network may use this weakness to trigger a denial of service, disrupting the availability of the PowerFlex management services. The impact statement is limited to service interruption; no compromise of data confidentiality or integrity is disclosed in the available information.
Affected Systems
The vulnerability affects Dell PowerFlex software, specifically the PowerFlex Manager component. It applies to all released PowerFlex Manager versions prior to 5.1.0.1; the advisory does not enumerate sub‑versions, but any version before the listed release is vulnerable.
Risk and Exploitability
The CVSS score of 7.1 indicates a moderate to high severity. The EPSS score is less than 1%, suggesting that, while the flaw is real, its exploitation likelihood on the internet is low. The vulnerability is not listed in the CISA KEV catalog, implying it has not yet been confirmed as broadly exploited in the field. The likely attack vector is remote, requiring network connectivity to the PowerFlex Manager interface, and the attacker needs only low privileges to push the denial of service.
OpenCVE Enrichment