CVE-2024-25661 Cleartext storage of passwords in hit7300 @CT application
| Public disclosure | 01-10-2024 |
|---|---|
| Last updated | 10-07-2025 |
| Vulnerability type | CWE-316: Cleartext Storage of Sensitive Information in Memory |
| CVSS vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H |
| CVSS score | 7.7 |
Description
Cleartext storage of sensitive information in memory of desktop management application @CT in Infinera hiT7300 version 5.60.50 allows guest OS administrators to obtain various users’ passwords via accessing memory dumps of the desktop application.
Affected products and versions
@CT as part of hit7300 NE SW version in releases before 5.60 70.06. TNMS releases before 21.00.0.650 (with LCT build 14.0.34).
Mitigation plan
A fix has been provided in hit7300 NE SW version 5.60 70.06 and TNMS release 21.00.0.650 (with @CT build 14.0.34) onwards.
Acknowledgements
- cvcn (CENTRO DI VALUTAZIONE E CERTIFICAZIONE NAZIONALE)
References
Change history: Initial version published on 01-10-2024