DSA-2019-124: Dell EMC PowerConnect Security Vulnerability
Résumé: Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K firmware has been updated to address a vulnerability which may be potentially exploited to compromise the system.
Cet article concerne
Cet article ne concerne pas
Cet article n’est associé à aucun produit spécifique.
Toutes les versions du produit ne sont pas identifiées dans cet article.
Impact
High
Détails
Dell PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored in plain text in the system settings menu. An authenticated malicious user with access to the system settings menu may obtain the exposed password to use it in further attacks.
CVSS Base Score:7.2 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Dell PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored in plain text in the system settings menu. An authenticated malicious user with access to the system settings menu may obtain the exposed password to use it in further attacks.
CVSS Base Score:7.2 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Produits concernés et mesure corrective
Affected products:
The below Dell EMC PowerConnect models running firmware versions prior to 5.1.15.2:
- 8024
- 7000
- M6348
- M6220
- M8024
- M8024-K
Remediation:
The following Dell EMC PowerConnect firmware release contains a resolution to the vulnerability:
- Dell EMC PowerConnect firmware version 5.1.15.2 and later.
Customers can download the latest firmware version at the support site for their respective model below:
- 8024: https://www.dell.com/support/home/product-support/product/powerconnect-8024/drivers
- 7024: https://www.dell.com/support/home/product-support/product/powerconnect-7024/drivers
- M6348: https://www.dell.com/support/home/product-support/product/powerconnect-m6348/drivers
- M6220: https://www.dell.com/support/home/product-support/product/powerconnect-m6220/drivers
- M8024: https://www.dell.com/support/home/product-support/product/powerconnect-m8024/drivers
- M8024-K: https://www.dell.com/support/home/product-support/product/powerconnect-m8024-k/drivers
Dell EMC recommends all customers upgrade at the earliest opportunity.
Affected products:
The below Dell EMC PowerConnect models running firmware versions prior to 5.1.15.2:
- 8024
- 7000
- M6348
- M6220
- M8024
- M8024-K
Remediation:
The following Dell EMC PowerConnect firmware release contains a resolution to the vulnerability:
- Dell EMC PowerConnect firmware version 5.1.15.2 and later.
Customers can download the latest firmware version at the support site for their respective model below:
- 8024: https://www.dell.com/support/home/product-support/product/powerconnect-8024/drivers
- 7024: https://www.dell.com/support/home/product-support/product/powerconnect-7024/drivers
- M6348: https://www.dell.com/support/home/product-support/product/powerconnect-m6348/drivers
- M6220: https://www.dell.com/support/home/product-support/product/powerconnect-m6220/drivers
- M8024: https://www.dell.com/support/home/product-support/product/powerconnect-m8024/drivers
- M8024-K: https://www.dell.com/support/home/product-support/product/powerconnect-m8024-k/drivers
Dell EMC recommends all customers upgrade at the earliest opportunity.
Remerciements
Dell EMC would like to thank Daniel Cobb (@droctapus1) for reporting this vulnerability.
Informations connexes
Mention légale
Produits concernés
PowerConnect M6220, PowerConnect M6348, PowerConnect M8024, PowerConnect M8024-KPropriétés de l’article
Numéro d’article: 000125969
Type d’article: Dell Security Advisory
Dernière modification: 05 juin 2025
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.