Impact
The script update_disk_psu_baseline.sh on Dell EMC VxRail Appliances stores a password in plain text, representing a cryptographic key storage weakness (CWE‑256). This vulnerability can lead to the disclosure of privileged credentials if the script is accessed or copied by an attacker, potentially allowing unauthorized authentication to services that use that password.
Affected Systems
Dell EMC VxRail Appliance is affected, and the vulnerability is addressed by Dell’s DSA‑2024‑247 security update.
Risk and Exploitability
The CVSS score of 7.4 signals a high‑severity flaw. However, the EPSS score of less than 1 % suggests that exploitation is unlikely at present, and the vulnerability is not listed in CISA’s KEV catalog. Attackers would most likely exploit the weakness by obtaining local access to the file system and reading the script, or via any tooling that exposes its contents, after which they could use the plaintext password to authenticate to privileged components of the VxRail environment.
OpenCVE Enrichment