Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-3753

Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored in plain text in the system settings menu. An authenticated malicious user with access to the system settings menu may obtain the exposed password to use it in further attacks.

Published

2019-08-20T19:15:11.357

Last Modified

2024-11-21T04:42:28.037

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-312
Type: Primary
CWE-522

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	dell	emc_powerconnect_8024_firmware	< 5.1.15.2	Yes
Hardware	dell	emc_powerconnect_8024	-	No
Operating System	dell	emc_powerconnect_7000_firmware	< 5.1.15.2	Yes
Hardware	dell	emc_powerconnect_7000	-	No
Operating System	dell	emc_powerconnect_m6348_firmware	< 5.1.15.2	Yes
Hardware	dell	emc_powerconnect_m6348	-	No
Operating System	dell	emc_powerconnect_m6220_firmware	< 5.1.15.2	Yes
Hardware	dell	emc_powerconnect_m6220	-	No
Operating System	dell	emc_powerconnect_m8024_firmware	< 5.1.15.2	Yes
Hardware	dell	emc_powerconnect_m8024	-	No
Operating System	dell	emc_powerconnect_m8024-k_firmware	< 5.1.15.2	Yes
Hardware	dell	emc_powerconnect_m8024-k	-	No

References

https://www.dell.com/support/article/sln318359/ Vendor Advisory ([email protected])
https://www.dell.com/support/article/sln318359/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)