Vulnerability Description
Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored in plain text in the system settings menu. An authenticated malicious user with access to the system settings menu may obtain the exposed password to use it in further attacks.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | EMC PowerConnect 8024 Firmware | < 5.1.15.2 |
| Dell | EMC PowerConnect 8024 | - |
| Dell | EMC PowerConnect 7000 Firmware | < 5.1.15.2 |
| Dell | EMC PowerConnect 7000 | - |
| Dell | EMC PowerConnect M6348 Firmware | < 5.1.15.2 |
| Dell | EMC PowerConnect M6348 | - |
| Dell | EMC PowerConnect M6220 Firmware | < 5.1.15.2 |
| Dell | EMC PowerConnect M6220 | - |
| Dell | EMC PowerConnect M8024 Firmware | < 5.1.15.2 |
| Dell | EMC PowerConnect M8024 | - |
| Dell | EMC PowerConnect M8024-K Firmware | < 5.1.15.2 |
| Dell | EMC PowerConnect M8024-K | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/article/sln318359/ (Vendor Advisory)
FAQ
What is CVE-2019-3753?
CVE-2019-3753 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored ...
How severe is CVE-2019-3753?
CVE-2019-3753 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-3753?
Check the references section above for vendor advisories and patch information. Affected products include: Dell EMC PowerConnect 8024 Firmware, Dell EMC PowerConnect 8024, Dell EMC PowerConnect 7000 Firmware, Dell EMC PowerConnect 7000, Dell EMC PowerConnect M6348 Firmware.