Impact
Dell PowerFlex Manager, in versions prior to 5.1.0.1, contains an improper authentication vulnerability that allows an unauthenticated attacker with adjacent network access to gain information disclosure, tampering, and unauthorized access before any valid credentials are provided. This authentication bypass (CWE-287) enables the attacker to read or modify configuration data, potentially collecting sensitive system information or gaining further network footholds.
Affected Systems
The affected product is Dell PowerFlex Manager. The CVE notes that the vulnerability exists in versions prior to 5.1.0.1. The vulnerability applies to any deployment of PowerFlex Manager that is reachable from a threat actor’s network segment.
Risk and Exploitability
The CVSS score of 7.4 indicates high severity, while the EPSS score of less than 1% suggests that the likelihood of exploitation is low at present. The CVE is not listed in the CISA KEV catalog. Attackers would need adjacent network access to the PowerFlex Manager service and can exploit the weakness without authentication. The impact could be severe if the attacker successfully accesses or modifies critical configuration data.
OpenCVE Enrichment