CVE-2023-44300

Published: Dec 4, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in the appliance. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain service credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Affected (1)

Products: Dell: Powerprotect Data Manager Dm5500 Firmware

1 product

Powerprotect Data Manager Dm5500 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Powerprotect Data Manager Dm5500 Firmware	Up to 5.14.0.0

Running on/with	Platform Versions
Dell Powerprotect Data Manager Dm5500	All versions

Related CWEs

Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.