CVE-2019-3753

Published: Aug 20, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored in plain text in the system settings menu. An authenticated malicious user with access to the system settings menu may obtain the exposed password to use it in further attacks.

Affected (6)

Products: Dell: Emc Powerconnect 8024 Firmware, Emc Powerconnect 7000 Firmware, Emc Powerconnect M6348 Firmware, Emc Powerconnect M6220 Firmware, Emc Powerconnect M8024 Firmware, Emc Powerconnect M8024 K Firmware

Dell

6 products

Emc Powerconnect 8024 Firmware

Emc Powerconnect 7000 Firmware

Emc Powerconnect M6348 Firmware

Emc Powerconnect M6220 Firmware

Emc Powerconnect M8024 Firmware

Emc Powerconnect M8024 K Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Emc Powerconnect 8024 Firmware	Before 5.1.15.2

Running on/with	Platform Versions
Dell Emc Powerconnect 8024	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Emc Powerconnect 7000 Firmware	Before 5.1.15.2

Running on/with	Platform Versions
Dell Emc Powerconnect 7000	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Emc Powerconnect M6348 Firmware	Before 5.1.15.2

Running on/with	Platform Versions
Dell Emc Powerconnect M6348	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Emc Powerconnect M6220 Firmware	Before 5.1.15.2

Running on/with	Platform Versions
Dell Emc Powerconnect M6220	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Emc Powerconnect M8024 Firmware	Before 5.1.15.2

Running on/with	Platform Versions
Dell Emc Powerconnect M8024	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Emc Powerconnect M8024 K Firmware	Before 5.1.15.2

Running on/with	Platform Versions
Dell Emc Powerconnect M8024 K	All versions

Related CWEs

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://www.dell.com/support/article/sln318359/

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/article/sln318359/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.