Main Vulnerability Database Vulnerabilities #VU92999

#VU92999 Use of hard-coded credentials in PowerScale OneFS - CVE-2024-29170

Published: June 21, 2024

Vulnerability identifier: #VU92999

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-29170

CWE-ID: CWE-798

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
PowerScale OneFS

Software vendor:
Dell

Description

The vulnerability allows an adjacent network attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in application code. An adjacent network unauthenticated attacker can potentially exploit this vulnerability, leading to information disclosure of network traffic and denial of service.

Remediation

Install updates from vendor's website.

External links

https://www.dell.com/support/kbdoc/en-us/000225667/dsa-2024-210-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities