CVE-2025-36568

HIGH

7.8

Descripcion

Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to credential exposure. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account.

Detalles CVE

Puntuacion CVSS v3.17.8

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Vector de ataqueLOCAL

ComplejidadHIGH

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado4/17/2026

Ultima modificacion4/20/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

dell:data_domain_operating_system

Debilidades (CWE)

CWE-522

Referencias

https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities(security_alert@emc.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.