Description
An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this vulnerability.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
High
Affected products
- Broadcom / BCM5820XNA – NA
- Dell / ControlVault30 – 5.15.10.14
- Dell / ControlVault3 Plus0 – 6.2.26.36