PT-2022-6348 · Dell Emc · Dell Emc Scg Policy Manager
Published: 2022-11-10 · Updated: 2023-01-19 · CVE-2022-34441
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Dell EMC SCG Policy Manager versions 5.10 through 5.12
Description
The issue is a hard-coded cryptographic key. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log into the system and gain admin privileges, thereby elevating their privileges.
Recommendations
For Dell EMC SCG Policy Manager versions 5.10 through 5.12, consider restricting access to sensitive areas of the system until a fix is available, and avoid using the hard-coded cryptographic key in any authentication processes. As a temporary workaround, consider disabling any features that rely on the hard-coded key to minimize the risk of exploitation.
Fix
Using Hardcoded Credentials
Related Identifiers
Affected Products
Dell Emc Scg Policy Manager