Description
Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of Password vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
Published: 2026-01-27
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: Elevation of Privileges via Plaintext Password Storage
Action: Apply Update
AI Analysis

Impact

The vulnerability is caused by storing passwords in clear text within Dell CloudBoost Virtual Appliance firmware prior to version 19.14.0.0. This flaw permits a high‑privileged attacker who obtains remote access to retrieve or modify authentication credentials, which can lead to elevation of privileges. The weakness corresponds to CWE‑256, a flaw that directly compromises credential confidentiality.

Affected Systems

All releases of Dell CloudBoost Virtual Appliance before version 19.14.0.0 are affected. The vulnerability applies to every deployment of the appliance that has not been updated to the security package DSA‑2026‑025.

Risk and Exploitability

The CVSS v3.1 score of 7.0 denotes medium‑to‑high severity. The EPSS probability is recorded as less than 1 %, indicating a currently low chance of exploitation, but the existence of plaintext credential storage increases risk if discovered. The vulnerability is not listed in the CISA KEV catalog, so no publicly confirmed exploit is known. Exploitation requires remote access and high‑privilege credentials.

Generated by OpenCVE AI on April 18, 2026 at 14:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install Dell CloudBoost Virtual Appliance security update DSA-2026-025 to upgrade to version 19.14.0.0 or later
  • Restrict remote management access by configuring firewall or VPN rules to limit exposure to trusted networks
  • Disable or limit external management interfaces not required for operation to reduce attack surface

Generated by OpenCVE AI on April 18, 2026 at 14:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Title Plaintext Password Storage in Dell CloudBoost Virtual Appliance Leading to Privilege Escalation

Fri, 06 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:dell:cloudboost_virtual_appliance:*:*:*:*:*:*:*:*

Tue, 27 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell cloudboost Virtual Appliance
Vendors & Products Dell
Dell cloudboost Virtual Appliance

Tue, 27 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 09:45:00 +0000

Type Values Removed Values Added
Description Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of Password vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
Weaknesses CWE-256
References
Metrics cvssV3_1

{'score': 7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H'}

Subscriptions

Dell Cloudboost Virtual Appliance
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-01-27T14:55:45.114Z

Reserved: 2025-12-24T16:33:47.094Z

Link: CVE-2026-21417

cve-icon Vulnrichment

Updated: 2026-01-27T14:55:37.270Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-27T10:15:48.763

Modified: 2026-02-06T20:07:51.817

Link: CVE-2026-21417

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T15:00:03Z

Weaknesses