Information Disclosure Vulnerability in Dell EMC XtremIO Storage Management Software
CVE-2019-18576

6.7 MEDIUM

Key Information:

Vendor: Dell
Status: Vendor
CVE Published: 13 March 2020

Summary

The Dell EMC XtremIO storage management system suffers from a vulnerability that allows local OS users to access sensitive information due to improper logging practices. Specifically, user passwords are recorded in local log files. Malicious local users who gain access to these logs can exploit the leaked credentials to infiltrate the XtremIO system with the permissions of the affected user, potentially leading to unauthorized access and data breaches. Administrators are urged to update to the latest version to mitigate this risk.

Affected Version(s)

XtremIO < 6.3.0

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
