Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-15766

On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to a value of 1 on that device. This allows for users to bypass any existing policy for password length and potentially create insecure password on their device. This value is defined during the installation of the "Encryption Management Agent" or "EMAgent" application. There are no other known values modified.

Published

2018-10-11T19:29:00.230

Last Modified

2024-11-21T03:51:25.820

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-521

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dell	encryption	< 10.0.1	Yes
Application	dell	endpoint_security_suite_enterprise	< 2.0.1	Yes

References

https://www.dell.com/support/article/us/en/04/sln313561/dell-encryption-and-dell-endpoint-security-suite-enterprise-security-policy-overwrite-vulnerability?lang=en Mitigation, Vendor Advisory ([email protected])
https://www.dell.com/support/article/us/en/04/sln313561/dell-encryption-and-dell-endpoint-security-suite-enterprise-security-policy-overwrite-vulnerability?lang=en Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)