PT-2019-16693 · Dell Emc · Dell Emc Powerconnect

Published

2019-08-20

Updated

2020-10-16

CVE-2019-3753

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dell EMC PowerConnect versions prior to 5.1.15.2

Description The issue concerns the storage of TACACSRadius credentials in plain text within the system settings menu. An authenticated malicious user with access to the system settings menu may obtain the exposed password, potentially using it for further attacks.

Recommendations For versions prior to 5.1.15.2, update the firmware to version 5.1.15.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the system settings menu to minimize the risk of exploitation.

Fix

Insufficiently Protected Credentials

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-312

Related Identifiers

CVE-2019-3753

Affected Products

Dell Emc Powerconnect

PT-2019-16693 · Dell Emc · Dell Emc Powerconnect

CVE-2019-3753

Weakness Enumeration

Related Identifiers

Affected Products

References · 3