CVE-2022-29085

Published: Jun 2, 2022Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Affected (3)

Products: Dell: Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment

Dell

3 products

Unity Operating Environment

Unity Xt Operating Environment

Unityvsa Operating Environment

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Dell Unity Operating Environment	Before 5.2.0.0.5.173
Dell Unity Xt Operating Environment	Before 5.2.0.0.5.173
Dell Unityvsa Operating Environment	Before 5.2.0.0.5.173

Related CWEs

CWE-256

Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://www.dell.com/support/kbdoc/000199050

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/000199050

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.