CVE-2022-26869
📋 TL;DR
Dell PowerStore storage systems have an open port vulnerability that allows remote unauthenticated attackers to access sensitive information and execute arbitrary code. This affects PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x. The vulnerability is critical with a CVSS score of 9.8.
💻 Affected Systems
- Dell PowerStore
⚠️ Risk & Real-World Impact
Worst Case
Remote attacker gains full control of the PowerStore system, accesses all stored data, and uses the compromised system as a foothold for further network attacks.
Likely Case
Attacker exploits the open port to extract sensitive configuration data, credentials, or stored information, potentially leading to data theft or system disruption.
If Mitigated
With proper network segmentation and access controls, the attack surface is limited, reducing the likelihood of successful exploitation.
🎯 Exploit Status
The vulnerability requires no authentication and is described as having low attack complexity, making it relatively easy to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.1.1.0 and later
Vendor Advisory: https://www.dell.com/support/kbdoc/000196367
Restart Required: Yes
Instructions:
1. Download PowerStoreOS 2.1.1.0 or later from Dell Support.
2. Upload the software to the PowerStore system.
3. Apply the update through the PowerStore Manager interface.
4. Reboot the system as required.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to PowerStore management interfaces using firewalls or network ACLs.
Access Control Lists
Implement strict source IP restrictions for PowerStore management network access.
🧯 If You Can't Patch
- Isolate PowerStore systems in a dedicated VLAN with strict access controls
- Implement network monitoring and intrusion detection for PowerStore management traffic
🔍 How to Verify
Check if Vulnerable:
Check PowerStore version in PowerStore Manager under System > Software. If version is 2.0.0.x, 2.0.1.x, or 2.1.0.x, the system is vulnerable.
Check Version:
From PowerStore Manager: System > Software > Current Version
Verify Fix Applied:
Verify PowerStore version is 2.1.1.0 or later in PowerStore Manager. Confirm the vulnerable port is no longer accessible from unauthorized networks.
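For a fleet, the version check above can be scripted. This is an added example, not part of the advisory or Dell's tooling: it triages an inventory export against the affected and fixed versions stated on this page. The `name,version` CSV layout, the appliance names and the build suffixes are assumptions constructed for illustration.

```python
import csv
import io
import re

# Version facts taken from the advisory text above.
AFFECTED_TRAINS = {(2, 0, 0), (2, 0, 1), (2, 1, 0)}  # 2.0.0.x, 2.0.1.x, 2.1.0.x
FIRST_FIXED = (2, 1, 1, 0)                            # 2.1.1.0 and later

# a.b.c.d with an optional build suffix (the suffix format is an assumption).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)(?:[-+_ ].*)?$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a.b.c.d[-build]."""
    m = _VERSION_RE.match(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Map a PowerStoreOS version string to a triage status."""
    v = parse_version(text)
    if v is None:
        return "unparseable"   # confirm by hand in PowerStore Manager
    if v[:3] in AFFECTED_TRAINS:
        return "vulnerable"
    if v >= FIRST_FIXED:
        return "fixed"
    return "not-listed"        # outside the ranges this page names; see vendor advisory


def triage(inventory_csv):
    """Read 'name,version' rows (hypothetical export format); return {name: status}."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["name"]: classify(row["version"]) for row in reader}


# Constructed sample inventory (hypothetical names and build suffixes).
SAMPLE = """name,version
ps-prod-01,2.0.1.3-1471924
ps-prod-02,2.1.1.0
ps-dr-01,2.1.0.2
ps-lab-01,3.0.0.0-1735318
ps-lab-02,1.0.4.0
ps-lab-03,unknown
"""

if __name__ == "__main__":
    for name, status in triage(SAMPLE).items():
        print(f"{name:12} {status}")
```

Rows reported as `unparseable` or `not-listed` are not cleared by this check and need manual confirmation against the vendor advisory.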
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to PowerStore management ports
- Unexpected process execution or system modifications
Network Indicators:
- Unusual traffic to PowerStore management ports from unexpected sources
- Port scanning activity targeting PowerStore systems
SIEM Query:
source_ip NOT IN (authorized_ips) AND destination_port IN (PowerStore_management_ports)