Lucene search

[email protected]CVE-2023-32448

HistoryMay 30, 2023 - 4:15 p.m.

CVE-2023-32448

2023-05-3016:15:09

CWE-312

[email protected]

web.nvd.nist.gov

powerpath

windows

license key

cleartext

vulnerability

nvd

cve-2023-32448

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

Percentile

5.1%

JSON

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems.

Affected configurations

Vulners

NVD

Node

dellpowerpathMatch7.0windows

VendorProductVersionCPE
dellpowerpath7.1cpe:/a:dell:powerpath:7.1:::
dellpowerpath7.2cpe:/a:dell:powerpath:7.2:::
dellpowerpath7.0cpe:/a:dell:powerpath:7.0:::

Vendor	Product	Version	CPE
dell	powerpath	7.1	cpe:/a:dell:powerpath:7.1:::
dell	powerpath	7.2	cpe:/a:dell:powerpath:7.2:::
dell	powerpath	7.0	cpe:/a:dell:powerpath:7.0:::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerPath Windows",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "7.0, 7.1 & 7.2"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000214248/dsa-2023-154-powerpath-windows-security-update-for-security-update-for-multiple-vulnerabilities

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-32448

nvd1 cvelist1 prion1