CVE-2022-26868
Description
Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Command injection in Dell EMC PowerStore 2.0.0.x, 2.0.1.x, and 2.1.0.x allows authenticated attackers to execute arbitrary OS commands, potentially leading to system takeover.
Vulnerability
A command injection vulnerability exists in Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x. The flaw allows an authenticated attacker to inject arbitrary OS commands, which are then executed on the application's underlying operating system with the privileges of the vulnerable application [1].
Exploitation
To exploit this vulnerability, an attacker must first authenticate to the PowerStore system. The attacker then sends crafted input to a vulnerable component or function; because that input is not properly sanitized, the result is command injection. No user interaction beyond authentication is required for exploitation [1].
Impact
Successful exploitation enables the attacker to execute arbitrary OS commands on the underlying operating system. This can lead to full compromise of the affected system, including data disclosure, alteration, or denial of service, and potentially a complete system takeover [1].
Mitigation
Dell EMC has addressed this vulnerability in a security update. Affected users should apply the latest patches as provided in the Dell Security Advisory [1]. No workarounds have been disclosed; upgrading to a fixed version is the recommended mitigation.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 2.0.0.x, 2.0.1.x, 2.1.0.x
- Range: unspecified
Patches
No patches discovered yet.
References
- www.dell.com/support/kbdoc/000196367 (mitre, x_refsource_MISC)