{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21417", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2025-12-24T16:33:47.094Z", "datePublished": "2026-01-27T09:28:01.023Z", "dateUpdated": "2026-01-27T14:55:45.114Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CloudBoost Virtual Appliance", "vendor": "Dell", "versions": [{"lessThan": "19.14.0.0", "status": "affected", "version": "N/A", "versionType": "semver"}]}], "datePublic": "2026-01-25T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of Password vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.<br>"}], "value": "Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of Password vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-256", "description": "CWE-256: Plaintext Storage of a Password", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-01-27T09:28:01.023Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000419894/dsa-2026-025-security-update-for-dell-cloudboost-virtual-appliance-multiple-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T14:55:28.251511Z", "id": "CVE-2026-21417", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T14:55:45.114Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21417", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T14:55:28.251511Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T14:55:37.270Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "CloudBoost Virtual Appliance", "versions": [{"status": "affected", "version": "N/A", "lessThan": "19.14.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-01-25T18:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000419894/dsa-2026-025-security-update-for-dell-cloudboost-virtual-appliance-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of Password vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.", "supportingMedia": [{"type": "text/html", "value": "Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of Password vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-256", "description": "CWE-256: Plaintext Storage of a Password"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-01-27T09:28:01.023Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21417", "state": "PUBLISHED", "dateUpdated": "2026-01-27T14:55:45.114Z", "dateReserved": "2025-12-24T16:33:47.094Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-01-27T09:28:01.023Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:cloudboost_virtual_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "91B0DB8F-173A-47CD-98C9-88C5CC837A6D", "versionEndExcluding": "19.14.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of Password vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges."}], "id": "CVE-2026-21417", "lastModified": "2026-02-06T20:07:51.817", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.7, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-27T10:15:48.763", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000419894/dsa-2026-025-security-update-for-dell-cloudboost-virtual-appliance-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-256"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T14:50:24.039848+00:00", "value": {"mitigation_remediation": ["Download and install Dell CloudBoost Virtual Appliance security update DSA-2026-025 to upgrade to version 19.14.0.0 or later", "Restrict remote management access by configuring firewall or VPN rules to limit exposure to trusted networks", "Disable or limit external management interfaces not required for operation to reduce attack surface"], "summary": {"action": "Apply Update", "impact": "Elevation of Privileges via Plaintext Password Storage"}, "threat_synthesis": {"affected_systems": "All releases of Dell CloudBoost Virtual Appliance before version 19.14.0.0 are affected. The vulnerability applies to every deployment of the appliance that has not been updated to the security package DSA\u20112026\u2011025.", "description_and_impact": "The vulnerability is caused by storing passwords in clear text within Dell CloudBoost Virtual Appliance firmware prior to version 19.14.0.0. This flaw permits a high\u2011privileged attacker who obtains remote access to retrieve or modify authentication credentials, which can lead to elevation of privileges. The weakness corresponds to CWE\u2011256, a flaw that directly compromises credential confidentiality.", "risk_and_exploitability": "The CVSS v3.1 score of 7.0 denotes medium\u2011to\u2011high severity. The EPSS probability is recorded as less than 1\u202f%, indicating a currently low chance of exploitation, but the existence of plaintext credential storage increases risk if discovered. The vulnerability is not listed in the CISA KEV catalog, so no publicly confirmed exploit is known. Exploitation requires remote access and high\u2011privilege credentials."}}}}, "created": "2026-01-27T20:17:07.531196+00:00", "title": "Plaintext Password Storage in Dell CloudBoost Virtual Appliance Leading to Privilege Escalation", "updated": "2026-04-18T15:00:03.441513+00:00", "vendors": ["dell", "dell$PRODUCT$cloudboost_virtual_appliance"]}