PT-2022-19404 · Dell · Dell Unity, Dell UnityVSA, Dell Unity XT

Published 2022-06-02 · Updated 2022-06-13 · CVE-2022-29085

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173

Description

The issue is a plain-text password storage vulnerability that occurs when certain off-array tools are run on the system. The credentials of a user with high privileges are exposed because they are stored in plain text. A local malicious user with high privileges may exploit this to gain access with the privileges of the compromised user.

Recommendations

For Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173, update to version 5.2.0.0.5.173 or later to resolve the issue. As a temporary workaround, consider restricting access to the off-array tools that may trigger the vulnerability until the patch is applied.

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

CVE-2022-29085

Affected Products

Dell Unity
Dell Unity XT
Dell UnityVSA