Lucene search

DellCVELIST:CVE-2023-44300

HistoryDec 04, 2023 - 8:36 a.m.

CVE-2023-44300

2023-12-0408:36:47

CWE-256

dell

www.cve.org

dell

dm5500

vulnerability

password storage

disclosure

local attacker

service credentials

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in the appliance. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain service credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell PowerProtect Data Manager DM5500 Appliance",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "DM5500 5.14 and below"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-44300