Improper Verification of Cryptographic Signature in Dell PowerStore
CVE-2023-32449

7.2HIGH

Key Information:

Vendor: Dell
Status: Powerstore
Vendor: CVE Published:; 22 June 2023

Summary

Dell PowerStore versions prior to 3.5 are susceptible to a vulnerability that allows an attacker to exploit improper verification of cryptographic signatures. By tricking a high privileged user into installing a malicious binary, the attacker can effectively bypass established cryptographic checks. This poses a significant risk, as it can lead to unauthorized code execution and compromise system integrity.

Affected Version(s)

PowerStore PowerStoreT OS Versions prior to 3.5.0.0-2050321

References

https://www.dell.com/support/kbdoc/en-us/000215171/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 22, 2023
Vulnerability Reserved
May 9, 2023