Hard-Coded Cryptographic Key Vulnerability in Dell PowerPath Management Appliance
CVE-2021-43587

8.2HIGH

Key Information:

Vendor: Dell
Status: Powerpath Management Appliance
Vendor: CVE Published:; 21 December 2021

What is CVE-2021-43587?

Dell PowerPath Management Appliance versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6 contain a hard-coded cryptographic key, which may allow a local high-privileged user to exploit this vulnerability. By gaining access to sensitive information, the user could potentially escalate their privileges and compromise the application.

Affected Version(s)

PowerPath Management Appliance < 3.2 P01

References

https://www.dell.com/support/kbdoc/en-us/000194083/dsa-20...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 21, 2021
Vulnerability Reserved
Nov 12, 2021