CVE-2019-3736 HIGH

CVE-2019-3736

Vendor Dell
Product Integrated Data Protection Appliance
Weakness CWE-257
Published September 27, 2019
Last update September 17, 2024

CVSS base score

8.2/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compromised user.

Key dates

02Disclosure timeline

September 27, 2019 CVE published
September 17, 2024 Record updated