Lucene search

DellCVELIST:CVE-2022-34442

HistoryJan 18, 2023 - 6:54 a.m.

CVE-2022-34442

2023-01-1806:54:35

CWE-321

dell

www.cve.org

dell emc

scg policy manager

hard-coded cryptographic key

ldap user privileges

8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.2%

JSON

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Secure Connect Gateway (SCG) Policy Manager",
    "vendor": "Dell EMC",
    "versions": [
      {
        "lessThan": "5.12",
        "status": "affected",
        "version": "5.10",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000204995/dsa-2022-273-dell-secure-connect-gateway-policy-manager-security-update-for-multiple-proprietary-code-vulnerabilities

8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.2%

JSON

Related for CVELIST:CVE-2022-34442