CVE-2022-31233: 
Dell EMC Solutions Enabler vulnerability analysis and mitigation

CVE-2022-31233 is a privilege escalation vulnerability affecting Unisphere for PowerMax versions before 9.2.3.15. This vulnerability was discovered and reported by Mateusz Dąbrowski, and it addresses a partial fix from a previous vulnerability (CVE-2021-36338). The vulnerability was assigned on May 19, 2022 (CVE Mitre).

The vulnerability has been assigned a CVSS Base Score of 6.3 with a vector string of CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N. This indicates that the vulnerability requires adjacent network access, low attack complexity, and low privileges, with no user interaction required. The scope is unchanged, with low confidentiality impact and high integrity impact, but no availability impact (Dell Advisory).

If exploited, this vulnerability allows an adjacent malicious user to escalate their privileges and gain unauthorized access to functionalities they normally would not have access to. The impact primarily affects the integrity of the system with high severity, while having a lower impact on confidentiality (Dell Advisory).

Dell has released version 9.2.3.15 of Unisphere for PowerMax to address this vulnerability. Users are advised to upgrade to this version or later. For PowerMax OS 5978 users, they need to request OPT 599422 for Hickory SR (Dell Advisory).