Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account.
                
            Metrics
Affected Vendors & Products
Advisories
    | Source | ID | Title | 
|---|---|---|
|  EUVD | EUVD-2024-51942 | Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account. | 
Fixes
    Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
        History
                    Tue, 04 Feb 2025 16:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Dell Dell vxrail Hyperconverged Infrastructure | |
| Weaknesses | CWE-522 | |
| CPEs | cpe:2.3:a:dell:vxrail_hyperconverged_infrastructure:*:*:*:*:*:*:*:* | |
| Vendors & Products | Dell Dell vxrail Hyperconverged Infrastructure | 
Wed, 11 Dec 2024 15:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc 
 | 
Wed, 11 Dec 2024 08:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account. | |
| Weaknesses | CWE-256 | |
| References |  | |
| Metrics | cvssV3_1 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: dell
Published:
Updated: 2024-12-11T15:09:35.982Z
Reserved: 2024-11-20T06:05:04.566Z
Link: CVE-2024-53292
 Vulnrichment
                        Vulnrichment
                    Updated: 2024-12-11T15:09:30.418Z
 NVD
                        NVD
                    Status : Analyzed
Published: 2024-12-11T08:15:06.423
Modified: 2025-02-04T16:16:22.017
Link: CVE-2024-53292
 Redhat
                        Redhat
                    No data.
 OpenCVE Enrichment
                        OpenCVE Enrichment
                    No data.