Use of Hard-coded Cryptographic Key

CVE-2022-34441

High

8/10

Summary

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: LOW

CWE-321 - Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

References

Advisory Timeline

Published Jan 11, 2023

Use of Hard-coded Cryptographic Key

CVE-2022-34441

Summary

CWE-321 - Use of Hard-coded Cryptographic Key

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS