CVE-2022-29085 — Plaintext Storage of a Password in Dell Unity

CWE-256 — Plaintext Storage of a Password CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

6.7MEDIUMNVD

CNA6.4

EPSS

0.1%

top 71.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Unity Dell Unity Operating Environment Dell Unity XT Operating Environment +1 more

Timeline

PublishedJun 2

Latest updateJun 3

Description

Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages4 packages

▶NVDdell/unityvsa_operating_environment< 5.2.0.0.5.173

▶CVEListV5dell/unityunspecified — 5.2.0.0.5.173

▶NVDdell/unity_operating_environment< 5.2.0.0.5.173

▶NVDdell/unity_xt_operating_environment< 5.2.0.0.5.173

🔴Vulnerability Details

GHSA

GHSA-pgv4-5r2v-vqfp: Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5↗2022-06-03

▶

CVEList

CVE-2022-29085: Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5↗2022-06-02

▶