Plain-text Password Storage Vulnerability in Dell DM5500 Appliances
CVE-2023-44300
5.5MEDIUM
Key Information:
- Vendor
- Dell
- Vendor
- CVE Published:
- 4 December 2023
Summary
In the Dell DM5500 version 5.14.0.0, a vulnerability exists in the PPOE component that allows storage of user passwords in plain text. This flaw may be exploited by a local attacker who has gained certain privileges, resulting in the potential disclosure of sensitive user credentials. Once exposed, these credentials could be leveraged to gain unauthorized access to the application at the same privilege level as the compromised account, posing significant risks to data security and application integrity.
Affected Version(s)
Dell PowerProtect Data Manager DM5500 Appliance DM5500 5.14 and below
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved