CVE-2024-22432

Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:networker:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:56

Type Values Removed Values Added
References () https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities - Vendor Advisory () https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities - Vendor Advisory
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 7.8

01 Feb 2024, 17:00

Type Values Removed Values Added
First Time Dell
Dell networker
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
References () https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities - Vendor Advisory
CWE CWE-522
CPE cpe:2.3:a:dell:networker:*:*:*:*:*:*:*:*

25 Jan 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-25 15:15

Updated : 2024-11-21 08:56


NVD link : CVE-2024-22432

Mitre link : CVE-2024-22432

CVE.ORG link : CVE-2024-22432


JSON object : View

Products Affected

dell

  • networker
CWE
CWE-256

Plaintext Storage of a Password

CWE-522

Insufficiently Protected Credentials