CVE-2025-21102

Jan. 24, 2025, 7:10 p.m.

7.5
High

Description

Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

Product(s) Impacted

Vendor Product Versions
Dell
  • Vxrail D560 Firmware
  • Vxrail D560
  • Vxrail D560f Firmware
  • Vxrail D560f
  • Vxrail E460 Firmware
  • Vxrail E460
  • Vxrail E560 Firmware
  • Vxrail E560
  • Vxrail E560 Vcf Firmware
  • Vxrail E560 Vcf
  • Vxrail E560f Firmware
  • Vxrail E560f
  • Vxrail E560f Vcf Firmware
  • Vxrail E560f Vcf
  • Vxrail E560n Firmware
  • Vxrail E560n
  • Vxrail E560n Vcf Firmware
  • Vxrail E560n Vcf
  • Vxrail E660 Firmware
  • Vxrail E660
  • Vxrail E660f Firmware
  • Vxrail E660f
  • Vxrail E660n Firmware
  • Vxrail E660n
  • Vxrail E665 Firmware
  • Vxrail E665
  • Vxrail E665f Firmware
  • Vxrail E665f
  • Vxrail E665n Firmware
  • Vxrail E665n
  • Vxrail G560 Firmware
  • Vxrail G560
  • Vxrail G560 Vcf Firmware
  • Vxrail G560 Vcf
  • Vxrail G560f Firmware
  • Vxrail G560f
  • Vxrail P470 Firmware
  • Vxrail P470
  • Vxrail P570 Firmware
  • Vxrail P570
  • Vxrail P570 Vcf Firmware
  • Vxrail P570 Vcf
  • Vxrail P570f Firmware
  • Vxrail P570f
  • Vxrail P570f Vcf Firmware
  • Vxrail P570f Vcf
  • Vxrail P580n Firmware
  • Vxrail P580n
  • Vxrail P580n Vcf Firmware
  • Vxrail P580n Vcf
  • Vxrail P670f Firmware
  • Vxrail P670f
  • Vxrail P670n Firmware
  • Vxrail P670n
  • Vxrail P675f Firmware
  • Vxrail P675f
  • Vxrail P675n Firmware
  • Vxrail P675n
  • Vxrail S470 Firmware
  • Vxrail S470
  • Vxrail S570 Firmware
  • Vxrail S570
  • Vxrail S570 Vcf Firmware
  • Vxrail S570 Vcf
  • Vxrail S670 Firmware
  • Vxrail S670
  • Vxrail V470 Firmware
  • Vxrail V470
  • Vxrail V570 Firmware
  • Vxrail V570
  • Vxrail V570 Vcf Firmware
  • Vxrail V570 Vcf
  • Vxrail V670f Firmware
  • Vxrail V670f
  • Vxrail Vd-4000r Firmware
  • Vxrail Vd-4000r
  • Vxrail Vd-4000w Firmware
  • Vxrail Vd-4000w
  • Vxrail Vd-4000z Firmware
  • Vxrail Vd-4000z
  • Vxrail Vd-4510c Firmware
  • Vxrail Vd-4510c
  • Vxrail Vd-4520c Firmware
  • Vxrail Vd-4520c
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-256
Plaintext Storage of a Password
Storing a password in plaintext may result in a system compromise.
CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o dell vxrail_d560_firmware / / / / / / / /
h dell vxrail_d560 - / / / / / / /
o dell vxrail_d560f_firmware / / / / / / / /
h dell vxrail_d560f - / / / / / / /
o dell vxrail_e460_firmware / / / / / / / /
h dell vxrail_e460 - / / / / / / /
o dell vxrail_e560_firmware / / / / / / / /
h dell vxrail_e560 - / / / / / / /
o dell vxrail_e560_vcf_firmware / / / / / / / /
h dell vxrail_e560_vcf - / / / / / / /
o dell vxrail_e560f_firmware / / / / / / / /
h dell vxrail_e560f - / / / / / / /
o dell vxrail_e560f_vcf_firmware / / / / / / / /
h dell vxrail_e560f_vcf - / / / / / / /
o dell vxrail_e560n_firmware / / / / / / / /
h dell vxrail_e560n - / / / / / / /
o dell vxrail_e560n_vcf_firmware / / / / / / / /
h dell vxrail_e560n_vcf - / / / / / / /
o dell vxrail_e660_firmware / / / / / / / /
h dell vxrail_e660 - / / / / / / /
o dell vxrail_e660f_firmware / / / / / / / /
h dell vxrail_e660f - / / / / / / /
o dell vxrail_e660n_firmware / / / / / / / /
h dell vxrail_e660n - / / / / / / /
o dell vxrail_e665_firmware / / / / / / / /
h dell vxrail_e665 - / / / / / / /
o dell vxrail_e665f_firmware / / / / / / / /
h dell vxrail_e665f - / / / / / / /
o dell vxrail_e665n_firmware / / / / / / / /
h dell vxrail_e665n - / / / / / / /
o dell vxrail_g560_firmware / / / / / / / /
h dell vxrail_g560 - / / / / / / /
o dell vxrail_g560_vcf_firmware / / / / / / / /
h dell vxrail_g560_vcf - / / / / / / /
o dell vxrail_g560f_firmware / / / / / / / /
h dell vxrail_g560f - / / / / / / /
o dell vxrail_p470_firmware / / / / / / / /
h dell vxrail_p470 - / / / / / / /
o dell vxrail_p570_firmware / / / / / / / /
h dell vxrail_p570 - / / / / / / /
o dell vxrail_p570_vcf_firmware / / / / / / / /
h dell vxrail_p570_vcf - / / / / / / /
o dell vxrail_p570f_firmware / / / / / / / /
h dell vxrail_p570f - / / / / / / /
o dell vxrail_p570f_vcf_firmware / / / / / / / /
h dell vxrail_p570f_vcf - / / / / / / /
o dell vxrail_p580n_firmware / / / / / / / /
h dell vxrail_p580n - / / / / / / /
o dell vxrail_p580n_vcf_firmware / / / / / / / /
h dell vxrail_p580n_vcf - / / / / / / /
o dell vxrail_p670f_firmware / / / / / / / /
h dell vxrail_p670f - / / / / / / /
o dell vxrail_p670n_firmware / / / / / / / /
h dell vxrail_p670n - / / / / / / /
o dell vxrail_p675f_firmware / / / / / / / /
h dell vxrail_p675f - / / / / / / /
o dell vxrail_p675n_firmware / / / / / / / /
h dell vxrail_p675n - / / / / / / /
o dell vxrail_s470_firmware / / / / / / / /
h dell vxrail_s470 - / / / / / / /
o dell vxrail_s570_firmware / / / / / / / /
h dell vxrail_s570 - / / / / / / /
o dell vxrail_s570_vcf_firmware / / / / / / / /
h dell vxrail_s570_vcf - / / / / / / /
o dell vxrail_s670_firmware / / / / / / / /
h dell vxrail_s670 - / / / / / / /
o dell vxrail_v470_firmware / / / / / / / /
h dell vxrail_v470 - / / / / / / /
o dell vxrail_v570_firmware / / / / / / / /
h dell vxrail_v570 - / / / / / / /
o dell vxrail_v570_vcf_firmware / / / / / / / /
h dell vxrail_v570_vcf - / / / / / / /
o dell vxrail_v670f_firmware / / / / / / / /
h dell vxrail_v670f - / / / / / / /
o dell vxrail_vd-4000r_firmware / / / / / / / /
h dell vxrail_vd-4000r - / / / / / / /
o dell vxrail_vd-4000w_firmware / / / / / / / /
h dell vxrail_vd-4000w - / / / / / / /
o dell vxrail_vd-4000z_firmware / / / / / / / /
h dell vxrail_vd-4000z - / / / / / / /
o dell vxrail_vd-4510c_firmware / / / / / / / /
h dell vxrail_vd-4510c - / / / / / / /
o dell vxrail_vd-4520c_firmware / / / / / / / /
h dell vxrail_vd-4520c - / / / / / / /

References

https://www.dell.com/support/kbdoc/en-us/000269793/dsa-2025-027-security-update-for-dell-vxrail-for-multiple-vulnerabilities?ref=emcadvisory_000269793_High_null

Tags

security_alert@emc.com
CWE-256
CWE-522
2025-01-08
CVE-2025-21102

CVSS Score

7.5 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: HIGH
  • Privileges Required: HIGH
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

    View Vector String

Timeline

Published: Jan. 8, 2025, 12:15 p.m.
Last Modified: Jan. 24, 2025, 7:10 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

security_alert@emc.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.