DLL Hijacking Vulnerability in Dell EMC PowerStore Products
CVE-2022-32498

5.5MEDIUM

Key Information:

Vendor: Dell
Status: Powerstore
Vendor: CVE Published:; 21 July 2022

Summary

This vulnerability in Dell EMC PowerStore's PSTCLI allows a local attacker to exploit DLL hijacking, leading to arbitrary code execution, privilege escalation, and potential system takeover. Consequently, this compromises the integrity of the system and bypasses security mechanisms like software allow lists, raising serious security concerns.

Affected Version(s)

PowerStore < unspecified

References

https://www.dell.com/support/kbdoc/000201283

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 21, 2022
Vulnerability Reserved
Jun 6, 2022