CVE-2022-29085
published 2022-06-02CVE-2022-29085: Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools…
medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | unity | >= unspecified < 5.2.0.0.5.173 | 5.2.0.0.5.173 |
| dell | unity_operating_environment | < 5.2.0.0.5.173 | 5.2.0.0.5.173 |
| dell | unity_xt_operating_environment | < 5.2.0.0.5.173 | 5.2.0.0.5.173 |
| dell | unityvsa_operating_environment | < 5.2.0.0.5.173 | 5.2.0.0.5.173 |