Container Storage Modules
Monthly
OS command injection in Dell Container Storage Modules (CSM) version 2.16.0 - spanning the csi-powerstore, csi-unity, csi-powerflex, and csi-powermax CSI drivers - lets a remote, high-privileged attacker inject and execute arbitrary operating-system commands (CWE-78). Successful exploitation yields full confidentiality, integrity, and availability impact with a scope change, meaning command execution can reach beyond the vulnerable component into the surrounding host or cluster. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the CVSS 3.1 base score is 8.0 (High).
Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
OS command injection in Dell Container Storage Modules (CSM) version 2.16.0 - spanning the csi-powerstore, csi-unity, csi-powerflex, and csi-powermax CSI drivers - lets a remote, high-privileged attacker inject and execute arbitrary operating-system commands (CWE-78). Successful exploitation yields full confidentiality, integrity, and availability impact with a scope change, meaning command execution can reach beyond the vulnerable component into the surrounding host or cluster. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the CVSS 3.1 base score is 8.0 (High).
Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.