Powerpath
CVE-2023-32448
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems.
AnalysisAI
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-312. PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems. Affected products include: Dell Powerpath.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. Rated high s
PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. Rated high severity (CVSS 7.3), t
Same weakness CWE-312 – Cleartext Storage of Sensitive Information
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today