Dell PowerStore 2.1.0.x Auth Bypass Vulnerability
CVE-2022-26870 Published on October 21, 2022

Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit.

NVD

Vulnerability Analysis

CVE-2022-26870 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

HIGH

Weakness Type

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Products Associated with CVE-2022-26870

Want to know whenever a new CVE is published for Dell Powerstoreos? stack.watch will email you.

Dell Powerstoreos

Affected Versions

Dell PowerStore:

Version unspecified and below 2.1.x is affected.

Exploit Probability

EPSS

2.07%

Percentile

83.70%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.