Dell Encryption Enterprise \ Dell Data Protection Encryption Information Disclosure Vulnerability
CVE-2018-15773

4.3MEDIUM

Key Information:

Vendor: Dell
Status: Dell Encryption (formerly Dell Data Protection | Encryption)
Vendor: CVE Published:; 5 December 2018

Summary

Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of sensitive system files.

Affected Version(s)

Dell Encryption (formerly Dell Data Protection | Encryption) < 10.1.0

References

https://www.dell.com/support/article/us/en/04/sln314963/d...

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 5, 2018
Vulnerability Reserved
Aug 23, 2018

Credit

Dell would like to thank Jan van der Put and Harm Blankers of REQON Security for reporting this vulnerability.