CVE Vulnerabilities

CVE-2022-26870

Authentication Bypass Using an Alternate Path or Channel

Published: Oct 21, 2022 | Modified: Nov 21, 2024
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit.

Weakness

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Affected Software

Name Vendor Start Version End Version
Powerstoreos Dell 2.1.0.0 (including) 2.1.0.0 (including)
Powerstoreos Dell 2.1.0.1 (including) 2.1.0.1 (including)

Potential Mitigations

References