CVE-2019-3753
7.2
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored in plain text in the system settings menu. An authenticated malicious user with access to the system settings menu may obtain the exposed password to use it in further attacks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell EMC | PowerConnect 8024 | unspecified < 5.1.15.2 | affected |
| Dell EMC | PowerConnect 7000 | unspecified < 5.1.15.2 | affected |
| Dell EMC | PowerConnect M6348 | unspecified < 5.1.15.2 | affected |
| Dell EMC | PowerConnect M6220 | unspecified < 5.1.15.2 | affected |
| Dell EMC | PowerConnect M8024 | unspecified < 5.1.15.2 | affected |
| Dell EMC | PowerConnect M8024-K | unspecified < 5.1.15.2 | affected |
Weaknesses
- CWE-312: CWE-312 Cleartext Storage of Sensitive Information
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.