CVE-2019-3753 HIGH

CVE-2019-3753

Vendor Dell Emc
Product PowerConnect 8024
Weakness CWE-312 · Cleartext storage
Published August 20, 2019
Last update September 16, 2024

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored in plain text in the system settings menu. An authenticated malicious user with access to the system settings menu may obtain the exposed password to use it in further attacks.

Key dates

02Disclosure timeline

August 20, 2019 CVE published
September 16, 2024 Record updated