CVE-2024-53292

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 0.6 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

D

ell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account.

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000258964/dsa-2024-492-security-update-dell-vxverify-on-vxrail-plaintext-password-storage-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:vxrail_hyperconverged_infrastructure:*:*:*:*:*:*:*:*

History

04 Feb 2025, 16:16

Type	Values Removed	Values Added
First Time		Dell vxrail Hyperconverged Infrastructure Dell
CPE		cpe:2.3:a:dell:vxrail_hyperconverged_infrastructure::::::::
CWE		CWE-522
References	~~() https://www.dell.com/support/kbdoc/en-us/000258964/dsa-2024-492-security-update-dell-vxverify-on-vxrail-plaintext-password-storage-vulnerabilities -~~	() https://www.dell.com/support/kbdoc/en-us/000258964/dsa-2024-492-security-update-dell-vxverify-on-vxrail-plaintext-password-storage-vulnerabilities - Vendor Advisory

11 Dec 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-11 08:15

Updated : 2025-02-04 16:16

NVD link : CVE-2024-53292

Mitre link : CVE-2024-53292

CVE.ORG link : CVE-2024-53292

JSON object : View

Products Affected

vxrail_hyperconverged_infrastructure

CWE

CWE-256

Plaintext Storage of a Password

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2024-53292", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.6}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2024-12-11T08:15:06.423", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000258964/dsa-2024-492-security-update-dell-vxverify-on-vxrail-plaintext-password-storage-vulnerabilities", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-256"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account."}, {"lang": "es", "value": "Dell VxVerify, versiones anteriores a x.40.405, contienen una vulnerabilidad de almacenamiento de contrase\u00f1as en texto plano en el contenedor de shell. Un atacante local con privilegios elevados podr\u00eda aprovechar esta vulnerabilidad, lo que llevar\u00eda a la divulgaci\u00f3n de ciertas credenciales de usuario. El atacante podr\u00eda usar las credenciales expuestas para acceder al componente vulnerable con privilegios de la cuenta comprometida."}], "lastModified": "2025-02-04T16:16:22.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:vxrail_hyperconverged_infrastructure:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B43C1AA-2261-46C8-BFD5-6C299616827E", "versionEndExcluding": "x.40.405"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}