First published: Fri Sep 27 2019(Updated: )
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compromised user.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell Emc Integrated Data Protection Appliance Firmware | =2.0 | |
Dell Emc Integrated Data Protection Appliance Firmware | =2.1 | |
Dell Emc Integrated Data Protection Appliance Firmware | =2.2 | |
Dell Emc Idpa Dp4400 | ||
Dell Emc Idpa Dp5800 | ||
Dell Emc Idpa Dp8300 | ||
Dell Emc Idpa Dp8800 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this issue is CVE-2019-3736.
The severity of CVE-2019-3736 is high with a severity value of 7.2.
The affected software is Dell EMC Integrated Data Protection Appliance versions prior to 2.3.
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component.
A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to ac…