Vulnerabilities > CVE-2022-31233 - Incorrect Resource Transfer Between Spheres vulnerability in Dell products

CVSS 8.0 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

dell

CWE-669

NVD

Published: 2022-08-31

Updated: 2022-09-07

Summary

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell Powermax OS 5978	1
Application	Dell Dell Unisphere FOR Powermax - Dell Unisphere FOR Powermax 9.2.1.6 Dell Unisphere FOR Powermax Virtual Appliance - Dell Unisphere 360 * Dell Solutions Enabler - Dell Solutions Enabler 9.1.0.15 Dell Solutions Enabler 9.2.0 Dell Solutions Enabler 9.2.1.1 Dell Solutions Enabler Virtual Appliance - Dell Evasa Provider Virtual Appliance - Dell Vasa *	12

Common Weakness Enumeration (CWE)

CWE-669 - Incorrect Resource Transfer Between Spheres

References

https://www.dell.com/support/kbdoc/000200975