License Key Exposure in PowerPath by Dell for Windows Users
CVE-2023-32448

5.5MEDIUM

Key Information:

Vendor: Dell
Status: PowerPath Windows
Vendor: CVE Published:; 30 May 2023

Summary

PowerPath for Windows versions 7.0, 7.1, and 7.2 is affected by a vulnerability that allows local users to access the installation directory and retrieve the license key stored in cleartext. This exposure can enable unauthorized installations and licensing of PowerPath on different systems, posing a significant security risk for organizations using this product.

Affected Version(s)

PowerPath Windows 7.0, 7.1 & 7.2

References

https://www.dell.com/support/kbdoc/en-us/000214248/dsa-20...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 30, 2023
Vulnerability Reserved
May 9, 2023