Plain-text Password Storage Vulnerability in Dell VxVerify Could Lead to Credential Theft
CVE-2024-53292

6.7MEDIUM

Key Information:

Vendor: Dell
Status: Vxrail Hyperconverged Infrastructure
Vendor: CVE Published:; 11 December 2024

What is CVE-2024-53292?

Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account.

References

https://www.dell.com/support/kbdoc/en-us/000258964/dsa-20...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2024

CVE-2024-53292 Data

JSON