CVE-2022-26869

Vulnerability

The vulnerability (CVE-2022-26869) is an open port vulnerability present in Dell PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x [1]. An open port on the system allows network-based attacks without requiring authentication. The exact port or service is not detailed in the available references, but the condition is reachable from the network by any unauthenticated remote user.

Exploitation

A remote unauthenticated attacker can exploit this vulnerability by sending crafted traffic to the open port on an affected PowerStore system [1]. No authentication, user interaction, or special network position beyond network access is required. The attacker does not need prior access to the system.

Impact

Successful exploitation can lead to information disclosure and arbitrary code execution [1]. The CVSS base score is not published for this specific CVE in the reference; however, given the potential for full compromise, the impact is severe. An attacker could gain complete control of the affected system, accessing sensitive data and executing arbitrary commands with the privileges of the affected service.

Mitigation

Dell released a security update to address this vulnerability. Users should apply the latest firmware and security patches for their PowerStore versions as directed in the Dell security advisory DSA-2022-014 [1]. Workarounds are not provided; the recommended mitigation is to restrict network access to the PowerStore management and data interfaces to trusted hosts only, and upgrade to a fixed version.