CVE-2022-31234

Vulnerability

Dell EMC PowerStore contains an Improper Restriction of Excessive Authentication Attempts vulnerability in the PowerStore Manager GUI. This allows a remote unauthenticated attacker to perform password brute-force attacks. The vulnerability affects PowerStore T OS versions before 3.0.0.0-1732745 [1].

Exploitation

An attacker can exploit this vulnerability by sending a large number of authentication requests to the PowerStore Manager GUI without any prior authentication or network position restrictions. The lack of rate limiting on login attempts enables systematic password guessing [1].

Impact

Successful exploitation allows the attacker to guess valid user credentials, potentially leading to account takeover. If weak passwords are used, the attacker could gain administrative or user-level access to the PowerStore system, resulting in unauthorized access, data disclosure, or further compromise [1].

Mitigation

Dell recommends upgrading to PowerStore T OS Upgrade 3.0.0.0-1732745 or later, which includes a fix for this vulnerability. The update is available via Dell Support [1]. No workarounds have been disclosed.