Main Vulnerability Database Vulnerabilities #VU76583

Cleartext storage of sensitive information in PowerPath Windows - CVE-2023-32448

Published: May 26, 2023

Vulnerability identifier: #VU76583

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-32448

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Dell

Affected software:
PowerPath Windows

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the application stores its license key stored locally in clear text. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems.

How to mitigate CVE-2023-32448

Install updates from vendor's website.

Sources

https://www.dell.com/support/kbdoc/nl-nl/000214248/dsa-2023-154-powerpath-windows-security-update-for-security-update-for-multiple-vulnerabilities

Cleartext storage of sensitive information in PowerPath Windows - CVE-2023-32448

Detailed vulnerability description

How to mitigate CVE-2023-32448

Sources

Please verify you're human