CVE-2022-22556

Vulnerability

CVE-2022-22556 is an Uncontrolled Resource Consumption vulnerability in the PowerStore User Interface component of Dell PowerStore. The vulnerability affects all versions prior to the fix released in the DSA-2022-014 security update. The issue resides in the UI code where insufficient resource limits allow an attacker to trigger excessive resource usage, leading to denial of service.[1]

Exploitation

A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the PowerStore User Interface over the network. The CVSS vector indicates the attack complexity is high (AC:H), meaning the attacker may need to rely on specific conditions or timing to cause resource exhaustion. No authentication or user interaction is required.[1]

Impact

Successful exploitation results in denial of service (availability impact rated low per CVSS). The UI becomes unresponsive, potentially interrupting management operations. No confidentiality or integrity impact is expected. The CVSS base score is 3.7 (low severity).[1]

Mitigation

Dell released a security update (DSA-2022-014) in June 2022. Users should upgrade to the fixed PowerStore version as specified in the advisory. Restricting network access to the PowerStore management interface can reduce exposure.[1]