Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-29085

Опубликовано: 02 июн. 2022
Источник: nvd
CVSS3: 6.4
CVSS3: 6.7
CVSS2: 4.6
EPSS Низкий

Описание

Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*
Версия до 5.2.0.0.5.173 (исключая)
cpe:2.3:a:dell:unity_xt_operating_environment:*:*:*:*:*:*:*:*
Версия до 5.2.0.0.5.173 (исключая)
cpe:2.3:a:dell:unityvsa_operating_environment:*:*:*:*:*:*:*:*
Версия до 5.2.0.0.5.173 (исключая)

EPSS

Процентиль: 29%
0.00103
Низкий

6.4 Medium

CVSS3

6.7 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-256
CWE-522

Связанные уязвимости

github логотип

GHSA-pgv4-5r2v-vqfp

CVSS3: 6.7
github
больше 3 лет назад

Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

EPSS

Процентиль: 29%
0.00103
Низкий

6.4 Medium

CVSS3

6.7 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-256
CWE-522