CVE-2024-29170Hard-coded Credentials in Dell Powerscale Onefs

CWE-798Hard-coded Credentials3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.3%
top 45.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dell Powerscale Onefs
Timeline
PublishedJun 4

Description

Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials vulnerability. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure of network traffic and denial of service.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5dell/powerscale_onefs8.2.x9.8.0.x
NVDdell/powerscale_onefs8.2.09.8.0.0

🔴Vulnerability Details

2
CVEList
CVE-2024-29170: Dell PowerScale OneFS versions 82024-06-04
GHSA
GHSA-c2pw-wgxg-wjm9: Dell PowerScale OneFS versions 82024-06-04
CVE-2024-29170 — Hard-coded Credentials in Dell | cvebase