CVE-2023-32478

9.0 CRITICAL

📋 TL;DR

Dell PowerStore storage systems prior to version 3.5.0.1 write sensitive information to log files. A malicious high-privileged user could exploit this to access confidential data. Only Dell PowerStore storage appliances running vulnerable software versions are affected.

💻 Affected Systems

Products:
  • Dell PowerStore storage appliances
Versions: All versions prior to 3.5.0.1
Operating Systems: Dell PowerStore OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires high-privileged user access; affects all PowerStore models running vulnerable software.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A compromised administrator account could extract sensitive credentials, configuration secrets, or encryption keys from log files, leading to full system compromise or data exfiltration.

🟠 Likely Case

An insider threat or compromised admin account accesses logs containing sensitive operational data, potentially enabling further attacks or data theft.

🟢 If Mitigated

With proper access controls and log monitoring, exploitation would be detected and limited to authorized administrators who already have high privileges.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires existing high-privileged access; no public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.0.1 or later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000215171/dsa-2023-173-dell-powerstore-family-security-update-for-multiple-vulnerabilities

Restart Required: Yes

Instructions:

1. Back up configuration and data.
2. Download PowerStore OS 3.5.0.1 or later from Dell Support.
3. Apply the update via the PowerStore Manager UI or CLI.
4. Reboot the system as required.

🔧 Temporary Workarounds

Restrict log file access

Limit access to log files to only necessary administrative accounts using file system permissions.

Enable log monitoring

Implement monitoring for unauthorized access to log files and alert on suspicious activity.

🧯 If You Can't Patch

  • Implement strict access controls to limit high-privileged accounts and monitor their activity.
  • Regularly audit and sanitize log files to remove sensitive information.

🔍 How to Verify

Check if Vulnerable:

Check PowerStore OS version via PowerStore Manager UI or CLI command: 'svc_version'.

Check Version:

svc_version

Verify Fix Applied:

Confirm version is 3.5.0.1 or later using 'svc_version' command and verify no sensitive data appears in recent logs.
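
The two checks above (version at or past 3.5.0.1, and no secrets in recent logs) can be scripted against exported logs. This is an added example, not Dell's tooling or code from the advisory. It assumes the version is a dotted numeric string as read from the appliance, and the key names in the pattern and the sample log lines are constructed for illustration, not real PowerStore log formats.

```python
import re

FIXED = (3, 5, 0, 1)  # first fixed release named in this advisory

def parse_version(text):
    """Return the first dotted numeric version found in text as a tuple of ints."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    if not m:
        raise ValueError("no dotted version string found")
    return tuple(int(p) for p in m.group().split("."))

def is_fixed(text, fixed=FIXED):
    """True when the reported version is at or above the fixed release."""
    v = parse_version(text)
    width = max(len(v), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))  # "3.5" compares as 3.5.0.0
    return pad(v) >= pad(fixed)

# Assumed secret-bearing key names; extend for the fields your logs really use.
# Matches key=value, key: value and JSON-style "key": "value".
SECRET = re.compile(
    r"""(?i)\b(password|passwd|secret|token|api[_-]?key)\b(["']?\s*[=:]\s*)("[^"]*"|'[^']*'|[^\s,;}]+)"""
)

def audit(lines):
    """Return ([(line_no, key), ...], redacted_lines) for an iterable of log lines."""
    findings, clean = [], []
    for n, line in enumerate(lines, 1):
        findings += [(n, m.group(1).lower()) for m in SECRET.finditer(line)]
        # Keep the key and separator so the redacted log stays readable.
        clean.append(SECRET.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", line))
    return findings, clean

# Constructed sample lines (not taken from a real appliance).
SAMPLE_LOG = [
    "2023-08-01T10:00:01Z INFO service started",
    "2023-08-01T10:00:02Z DEBUG connect user=svc password=Examp1e! host=10.0.0.5",
    '2023-08-01T10:00:03Z DEBUG request body {"token": "abc123"}',
    "2023-08-01T10:00:04Z WARN password policy check passed",
]

if __name__ == "__main__":
    print("fixed:", is_fixed("3.5.0.1"))
    hits, redacted = audit(SAMPLE_LOG)
    for n, key in hits:
        print(f"line {n}: value logged for '{key}'")
    print("\n".join(redacted))
```

The fourth sample line mentions "password" without a value and is left untouched, which keeps the finding list limited to lines that need redaction.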

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access to log files, unusual log file reads by admin accounts, logs containing sensitive data like passwords or keys.

Network Indicators:

  • Unusual data exfiltration from log storage locations.

SIEM Query:

source="PowerStore" AND (event="File Access" AND file_path="*.log" AND user="admin")
