High
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
---|---|---|---|
CVE-2023-28079 | PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. | 7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2023-28080 | PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
CVE-2023-32448 | PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
---|---|---|---|
CVE-2023-28079 | PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. | 7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2023-28080 | PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
CVE-2023-32448 | PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
---|---|---|---|---|
CVE-2023-28079 | PowerPath Windows | Version 7.0, 7.1, and 7.2 | Version 7.2 P01 | https://www.dell.com/support/home/product-support/product/powerpath-for-windows/drivers |
CVE-2023-28080 | PowerPath Windows | Version 7.0, 7.1, and 7.2 | Version 7.2 P01 | https://www.dell.com/support/home/product-support/product/powerpath-for-windows/drivers |
CVE-2023-32448 | PowerPath Windows | Version 7.0, 7.1, and 7.2 | Version 7.2 P01 | https://www.dell.com/support/home/product-support/product/powerpath-for-windows/drivers |
CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
---|---|---|---|---|
CVE-2023-28079 | PowerPath Windows | Version 7.0, 7.1, and 7.2 | Version 7.2 P01 | https://www.dell.com/support/home/product-support/product/powerpath-for-windows/drivers |
CVE-2023-28080 | PowerPath Windows | Version 7.0, 7.1, and 7.2 | Version 7.2 P01 | https://www.dell.com/support/home/product-support/product/powerpath-for-windows/drivers |
CVE-2023-32448 | PowerPath Windows | Version 7.0, 7.1, and 7.2 | Version 7.2 P01 | https://www.dell.com/support/home/product-support/product/powerpath-for-windows/drivers |
Revision | Date | Description |
---|---|---|
1.0 | 2023-05-24 | Initial Release |
2.0 | 2023-09-01 | Added link to CVSS score calculator. |