Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-3736

Опубликовано: 27 сент. 2019
Источник: nvd
CVSS3: 8.2
CVSS3: 7.2
CVSS2: 4
EPSS Низкий

Описание

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compromised user.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:dell:emc_integrated_data_protection_appliance_firmware:2.0:*:*:*:*:*:*:*
cpe:2.3:o:dell:emc_integrated_data_protection_appliance_firmware:2.1:*:*:*:*:*:*:*
cpe:2.3:o:dell:emc_integrated_data_protection_appliance_firmware:2.2:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:dell:emc_idpa_dp4400:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_idpa_dp5800:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_idpa_dp8300:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_idpa_dp8800:-:*:*:*:*:*:*:*

EPSS

Процентиль: 22%
0.00073
Низкий

8.2 High

CVSS3

7.2 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-257
CWE-327

Связанные уязвимости

github логотип

GHSA-q7wx-2q75-9872

github
больше 3 лет назад

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compromised user.

EPSS

Процентиль: 22%
0.00073
Низкий

8.2 High

CVSS3

7.2 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-257
CWE-327