CVE-2022-32498

Vulnerability

Dell EMC PowerStore Command Line Interface (PSTCLI) for Windows and Linux (x64 and x86) versions prior to 3.0.0.0-1732745 contain a DLL hijacking vulnerability. The vulnerability exists in the PSTCLI tool, which is used to manage PowerStore systems. An attacker can place a malicious DLL in a directory that is searched before the legitimate DLL, causing the application to load the attacker's code. [1]

Exploitation

Exploitation requires local access to the system where PSTCLI is installed. The attacker must have the ability to write a malicious DLL to a location that is in the DLL search path of the PSTCLI executable. No user interaction beyond launching PSTCLI is needed; the attacker can trigger the vulnerability by having a user or automated process run the PSTCLI tool. [1]

Impact

Successful exploitation allows the attacker to execute arbitrary code in the context of the PSTCLI process. This can lead to privilege escalation, bypass of software allow list solutions, and potential system takeover or exposure of sensitive IP. The attacker gains the privileges of the user running PSTCLI, which may be elevated if run as administrator. [1]

Mitigation

Dell has released updated versions of the PSTCLI tool: 3.0.0.0-1732745 for Windows and Linux (x64 and x86). Users should upgrade to these versions. The update is available from Dell's support site. No workaround is mentioned; upgrading is the recommended mitigation. [1]