PT-2019-16693 · Dell Emc · Dell Emc Powerconnect

Publicado

2019-08-20

Atualizado

2020-10-16

CVE-2019-3753

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dell EMC PowerConnect versions prior to 5.1.15.2

Description The issue concerns the storage of TACACSRadius credentials in plain text within the system settings menu. An authenticated malicious user with access to the system settings menu may obtain the exposed password, potentially using it for further attacks.

Recommendations For versions prior to 5.1.15.2, update the firmware to version 5.1.15.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the system settings menu to minimize the risk of exploitation.

Correção

Insufficiently Protected Credentials

Cleartext Storage of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522CWE-312

Identificadores relacionados

CVE-2019-3753

Produtos afetados

Dell Emc Powerconnect

PT-2019-16693 · Dell Emc · Dell Emc Powerconnect

CVE-2019-3753

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3