Lucene search

[email protected]CVE-2023-44300

HistoryDec 04, 2023 - 9:15 a.m.

CVE-2023-44300

2023-12-0409:15:35

CWE-256

CWE-522

[email protected]

web.nvd.nist.gov

cve-2023-44300

dell

dm5500

ppoe

plain-text password storage

vulnerability

user credentials

local attacker

privileges

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in the appliance. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain service credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Affected configurations

NVD

Node

dellpowerprotect_data_manager_dm5500_firmwareRange≤5.14.0.0

AND

dellpowerprotect_data_manager_dm5500Match-

CPENameOperatorVersion
dell:powerprotect_data_manager_dm5500_firmwaredell powerprotect data manager dm5500 firmwarele5.14.0.0

CPE	Name	Operator	Version
dell:powerprotect_data_manager_dm5500_firmware	dell powerprotect data manager dm5500 firmware	le	5.14.0.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell PowerProtect Data Manager DM5500 Appliance",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "DM5500 5.14 and below"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities