7.2
CVE-2019-3753
- EPSS 0.12%
- Veröffentlicht 20.08.2019 19:15:11
- Zuletzt bearbeitet 21.11.2024 04:42:28
- Quelle security_alert@emc.com
- Teams Watchlist Login
- Unerledigt Login
Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored in plain text in the system settings menu. An authenticated malicious user with access to the system settings menu may obtain the exposed password to use it in further attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dell ≫ Emc Powerconnect 8024 Firmware Version < 5.1.15.2
Dell ≫ Emc Powerconnect 7000 Firmware Version < 5.1.15.2
Dell ≫ Emc Powerconnect M6348 Firmware Version < 5.1.15.2
Dell ≫ Emc Powerconnect M6220 Firmware Version < 5.1.15.2
Dell ≫ Emc Powerconnect M8024 Firmware Version < 5.1.15.2
Dell ≫ Emc Powerconnect M8024-k Firmware Version < 5.1.15.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.281 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
| security_alert@emc.com | 7.2 | 1.2 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-312 Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.