DSA-2019-124: Dell EMC PowerConnect Security Vulnerability
概要: Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K firmware has been updated to address a vulnerability which may be potentially exploited to compromise the system.
この記事は次に適用されます:
この記事は次には適用されません:
この記事は、特定の製品に関連付けられていません。
すべての製品パージョンがこの記事に記載されているわけではありません。
影響
High
詳細
Dell PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored in plain text in the system settings menu. An authenticated malicious user with access to the system settings menu may obtain the exposed password to use it in further attacks.
CVSS Base Score:7.2 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Dell PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored in plain text in the system settings menu. An authenticated malicious user with access to the system settings menu may obtain the exposed password to use it in further attacks.
CVSS Base Score:7.2 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
影響を受ける製品と修復
Affected products:
The below Dell EMC PowerConnect models running firmware versions prior to 5.1.15.2:
- 8024
- 7000
- M6348
- M6220
- M8024
- M8024-K
Remediation:
The following Dell EMC PowerConnect firmware release contains a resolution to the vulnerability:
- Dell EMC PowerConnect firmware version 5.1.15.2 and later.
Customers can download the latest firmware version at the support site for their respective model below:
- 8024: https://www.dell.com/support/home/product-support/product/powerconnect-8024/drivers
- 7024: https://www.dell.com/support/home/product-support/product/powerconnect-7024/drivers
- M6348: https://www.dell.com/support/home/product-support/product/powerconnect-m6348/drivers
- M6220: https://www.dell.com/support/home/product-support/product/powerconnect-m6220/drivers
- M8024: https://www.dell.com/support/home/product-support/product/powerconnect-m8024/drivers
- M8024-K: https://www.dell.com/support/home/product-support/product/powerconnect-m8024-k/drivers
Dell EMC recommends all customers upgrade at the earliest opportunity.
Affected products:
The below Dell EMC PowerConnect models running firmware versions prior to 5.1.15.2:
- 8024
- 7000
- M6348
- M6220
- M8024
- M8024-K
Remediation:
The following Dell EMC PowerConnect firmware release contains a resolution to the vulnerability:
- Dell EMC PowerConnect firmware version 5.1.15.2 and later.
Customers can download the latest firmware version at the support site for their respective model below:
- 8024: https://www.dell.com/support/home/product-support/product/powerconnect-8024/drivers
- 7024: https://www.dell.com/support/home/product-support/product/powerconnect-7024/drivers
- M6348: https://www.dell.com/support/home/product-support/product/powerconnect-m6348/drivers
- M6220: https://www.dell.com/support/home/product-support/product/powerconnect-m6220/drivers
- M8024: https://www.dell.com/support/home/product-support/product/powerconnect-m8024/drivers
- M8024-K: https://www.dell.com/support/home/product-support/product/powerconnect-m8024-k/drivers
Dell EMC recommends all customers upgrade at the earliest opportunity.
確認
Dell EMC would like to thank Daniel Cobb (@droctapus1) for reporting this vulnerability.
関連情報
法的免責事項
対象製品
PowerConnect M6220, PowerConnect M6348, PowerConnect M8024, PowerConnect M8024-K文書のプロパティ
文書番号: 000125969
文書の種類: Dell Security Advisory
最終更新: 05 6月 2025
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。