Cyber Resilience

CVE-2022-31233

Severity: Medium
Published: 31 August 2022
Modified: 21 November 2024
KEV Added: not listed
CVSS Score v3.1: 6.3 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)
EPSS Score: 0.0011 (29.0th percentile)
Risk Priority: 13 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-31233 is a medium-severity privilege escalation vulnerability in Dell Unisphere for PowerMax and the related PowerMax management components listed under Affected Assets. It is classified as Client-Side Enforcement of Server-Side Security (CWE-602); the control mapping further down is derived from CWE-669 (Incorrect Resource Transfer Between Spheres), the weakness cited in the NVD entry. Its CVSS v3.1 base score is 6.3 (Medium): the vector requires adjacent network access (AV:A) and a low-privileged account (PR:L), needs no user interaction, and the main impact is to integrity (I:H) with limited confidentiality impact (C:L).

Operationally, EPSS ranks it at the 29.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.

"Adjacent" here corresponds to the CVSS AV:A value: the attacker must already be able to reach the management interface over the same logical network and must already hold a low-privileged account (PR:L). Note that this description bounds the affected range as versions before 9.2.3.15, whereas the asset list below records 9.2.3.15 itself as affected (≤ 9.2.3.15); confirm the fixed build against Dell's advisory before closing a finding on a host running exactly 9.2.3.15.
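To make the weakness class concrete, the following is an added illustration of CWE-602, not Dell's code and not a reconstruction of the Unisphere flaw: a request dispatcher that lets the client's own role claim decide access (the UI hides admin actions from low-privileged users, but nothing stops a direct request), beside a hardened version that derives the role only from server-side session state. The session ids, roles and endpoint paths are invented for the example.

```python
"""Added example: client-side vs server-side authorization (CWE-602).

Hypothetical code; the session store, roles and endpoints below are
constructed for illustration and are not Dell's API or the actual flaw.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Server-side session store: session id -> role fixed at login (constructed).
SESSIONS = {"sess-low": "monitor", "sess-adm": "storageadmin"}

# Minimum role each endpoint requires (constructed).
REQUIRED_ROLE = {
    "/api/volumes": "monitor",
    "/api/users/create": "storageadmin",
}
ROLE_RANK = {"monitor": 1, "storageadmin": 2}


@dataclass
class Request:
    session_id: str
    path: str
    # Fields the client sends, including whatever role the UI believes it
    # has. Nothing in here is trustworthy for authorization decisions.
    client_claims: dict = field(default_factory=dict)


def _authorized(role: str | None, path: str) -> bool:
    """Rank comparison shared by both dispatchers; unknown roles rank 0."""
    return ROLE_RANK.get(role, 0) >= ROLE_RANK[REQUIRED_ROLE[path]]


def vulnerable_dispatch(req: Request) -> tuple[int, str]:
    """Weak pattern: the server relies on the role the client reports.
    The UI never shows admin actions to a 'monitor' user, but a user who
    calls the endpoint directly simply asserts a higher role."""
    if req.session_id not in SESSIONS:
        return 401, "no session"
    if req.path not in REQUIRED_ROLE:
        return 404, "unknown endpoint"
    claimed = req.client_claims.get("role", "monitor")
    if _authorized(claimed, req.path):
        return 200, f"{req.path} executed as {claimed}"
    return 403, "forbidden"


def hardened_dispatch(req: Request) -> tuple[int, str]:
    """Fixed pattern: the role comes only from server-side session state;
    client-supplied claims are never consulted for authorization."""
    role = SESSIONS.get(req.session_id)
    if role is None:
        return 401, "no session"
    if req.path not in REQUIRED_ROLE:
        return 404, "unknown endpoint"
    if _authorized(role, req.path):
        return 200, f"{req.path} executed as {role}"
    return 403, "forbidden"


def escalation_attempt() -> tuple[int, int]:
    """A low-privileged session asserting an admin role against both
    dispatchers. Returns (vulnerable status, hardened status)."""
    req = Request("sess-low", "/api/users/create", {"role": "storageadmin"})
    return vulnerable_dispatch(req)[0], hardened_dispatch(req)[0]


if __name__ == "__main__":
    print(escalation_attempt())  # (200, 403)
```

The check that matters is where the role is read from: any value that originated in the browser (a hidden form field, a header the UI sets, a flag in a cookie the server does not sign) is under the attacker's control, so the server must resolve the caller's privileges from its own session or identity store on every privileged request.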

CWE(s)

CWE-602 Client-Side Enforcement of Server-Side Security (the classification used in the summary above)
CWE-669 Incorrect Resource Transfer Between Spheres (the weakness cited in the NVD entry, from which the control mapping below is derived)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor   Product                                     Affected versions
dell     evasa provider virtual appliance            ≤ 9.2.3.7
dell     solutions enabler                           ≤ 9.2.3.4
dell     solutions enabler virtual appliance         ≤ 9.2.3.4
dell     unisphere 360                               ≤ 9.2.3.6
dell     unisphere for powermax                      ≤ 9.2.3.15
dell     unisphere for powermax virtual appliance    ≤ 9.2.3.15
dell     vasa                                        ≤ 9.2.3.15
dell     powermax os                                 5978
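A practitioner checking an estate against this table needs numeric version comparison, not string comparison ("9.10" sorts before "9.2" as text). The script below is an added example, not Dell's tooling: it encodes the bounds exactly as listed on this page (so 9.2.3.15 counts as affected, the conservative reading given the "before 9.2.3.15" wording in the description), pads short versions such as 9.2.3 with zeros, and treats the single PowerMax OS entry as an exact match. The inventory lines are constructed.

```python
"""Added example: check an inventory of installed versions against the
affected-version table on this page. Not Dell's tooling; the inventory
lines at the bottom are constructed for illustration."""
from __future__ import annotations

# Bounds as listed on this page: ("<=", max affected) or ("==", exact build).
AFFECTED = {
    "evasa provider virtual appliance": ("<=", "9.2.3.7"),
    "solutions enabler": ("<=", "9.2.3.4"),
    "solutions enabler virtual appliance": ("<=", "9.2.3.4"),
    "unisphere 360": ("<=", "9.2.3.6"),
    "unisphere for powermax": ("<=", "9.2.3.15"),
    "unisphere for powermax virtual appliance": ("<=", "9.2.3.15"),
    "vasa": ("<=", "9.2.3.15"),
    "powermax os": ("==", "5978"),
}


def parse_version(text: str) -> tuple[int, ...]:
    """'9.2.3.15' -> (9, 2, 3, 15); numeric parts compare correctly where
    plain string comparison would put '9.10' before '9.2'."""
    return tuple(int(part) for part in text.strip().split("."))


def compare(a: tuple[int, ...], b: tuple[int, ...]) -> int:
    """Return -1, 0 or 1; the shorter tuple is zero-padded so 9.2.3 == 9.2.3.0."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def is_affected(product: str, installed: str) -> bool | None:
    """True/False per the table above; None if the product is not listed."""
    bound = AFFECTED.get(product.strip().lower())
    if bound is None:
        return None
    op, limit = bound
    cmp = compare(parse_version(installed), parse_version(limit))
    return cmp == 0 if op == "==" else cmp <= 0


# Constructed inventory, one "product;version" per line.
INVENTORY = """\
unisphere for powermax;9.2.3.14
unisphere for powermax;9.2.3.16
evasa provider virtual appliance;9.2.3.7
solutions enabler;9.10.0.0
powermax os;5978
powermax os;5977
unisphere 360;9.2.3
"""


def scan(inventory: str = INVENTORY) -> list[tuple[str, str, bool | None]]:
    """Evaluate every inventory line; returns (product, version, affected?)."""
    rows = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        product, version = line.split(";", 1)
        rows.append((product, version, is_affected(product, version)))
    return rows


if __name__ == "__main__":
    for product, version, hit in scan():
        print(f"{'AFFECTED' if hit else 'ok':9} {product} {version}")
```

Because the bounds here are the page's, not the vendor's fixed builds, a hit on exactly 9.2.3.15 should be resolved against Dell's advisory rather than treated as final.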

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry. Only the control summaries are listed; each addresses CWE-669 (Incorrect Resource Transfer Between Spheres).

- Enforces proper authorization rules for any resource or data transfer between different spheres.
- Accountability, documentation, and protection requirements ensure correct transfer of media resources between spheres.
- Reduces incorrect transfers between spheres by establishing clear, separate domains for different sensitivities or functions.
- Governs all resource transfers between spheres, preventing incorrect or unauthorized movement of data or capabilities across domain interfaces.
- Addresses incorrect transfer of resources to an uncontrolled sphere by requiring approved destruction or sanitization methods.

For the privilege escalation described under Vulnerability details, the first control is the one that applies in practice: every privileged operation must be authorized on the server from session state, regardless of what the client UI exposes or claims. Upgrading past the affected versions listed under Affected Assets, and restricting who can reach the management interface on the adjacent network (the CVSS vector requires AV:A and an existing low-privileged account), address the CVE directly.
