Hardcoded Cryptographic Keys Vulnerability in PowerPath Management Appliance by Dell
CVE-2022-34449

6MEDIUM

Key Information:

Vendor: Dell
Status: Powerpath Management Appliance
Vendor: CVE Published:; 11 February 2023

What is CVE-2022-34449?

The PowerPath Management Appliance, specifically versions 3.3 and 3.2*, contains a vulnerability that stems from hardcoded cryptographic keys. Authenticated admin users can exploit this issue, allowing unauthorized access to view and potentially modify sensitive information stored within the application. This vulnerability poses significant risks to data integrity and confidentiality, potentially leading to unauthorized data exposure.

Affected Version(s)

PowerPath Management Appliance 3.3,3.2*

References

https://www.dell.com/support/kbdoc/000205404

vendor-advisory

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2023
Vulnerability Reserved
Jun 23, 2022