Privilege Escalation Vulnerability in Unisphere for PowerMax by Dell
CVE-2021-36338

6.3MEDIUM

Key Information:

Vendor: Dell
Status: Unisphere For Powermax
Vendor: CVE Published:; 21 January 2022

Summary

Unisphere for PowerMax versions prior to 9.2.2.2 has a vulnerability that allows adjacent malicious users to escalate their privileges. This exploitation can enable unauthorized access to features and functionalities, undermining the integrity of access control mechanisms within the product. A follow-up security update, CVE-2022-31233, was introduced to address the inadequacies of the initial mitigation measures.

Affected Version(s)

Unisphere for PowerMax < 9.2.2.2

References

https://www.dell.com/support/kbdoc/000194640

x_refsource_MISC

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2022
Vulnerability Reserved
Jul 8, 2021