CVE-2019-3753
MEDIUMDell EMC PowerConnect < 5.1.15.2 - Authenticated Plain-Text Password Exposure
Title source: llmDescription
Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored in plain text in the system settings menu. An authenticated malicious user with access to the system settings menu may obtain the exposed password to use it in further attacks.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.dell.com/support/article/sln318359/
Scores
CVSS v3
6.5
EPSS
0.0012
EPSS Percentile
29.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
CWE-312
Status
published
Products (6)
dell/emc_powerconnect_7000_firmware
< 5.1.15.2
dell/emc_powerconnect_8024_firmware
< 5.1.15.2
dell/emc_powerconnect_m6220_firmware
< 5.1.15.2
dell/emc_powerconnect_m6348_firmware
< 5.1.15.2
dell/emc_powerconnect_m8024-k_firmware
< 5.1.15.2
dell/emc_powerconnect_m8024_firmware
< 5.1.15.2
Published
Aug 20, 2019
Tracked Since
Feb 18, 2026