Impact
Dell PowerFlex Manager has an improper access control flaw that allows a low‑privileged attacker with access to the adjacent network to gain unauthorized access or elevate privileges on the manager. This vulnerability, identified as CWE‑284, could enable an attacker to modify configurations, read sensitive data, or otherwise gain broader system control. The flaw exists in versions prior to 5.1.0.1.
Affected Systems
Dell PowerFlex Manager versions earlier than 5.1.0.1 are affected. The vulnerability applies to installations where the manager is exposed to adjacent network traffic.
Risk and Exploitability
The CVSS score of 5.7 indicates a moderate severity. The EPSS score of less than 1% suggests that exploitation is unlikely but not impossible. The vulnerability is not listed in CISA’s KEV catalog. An attacker must have low‑privileged access on the same local network to reach PowerFlex Manager. The impact is elevation of privileges and unauthorized access. Given the moderate score and low exploitation probability, patching remains essential to prevent potential exploitation.
OpenCVE Enrichment