The vulnerability identified as CVE-2024-39575 affects Dell EMC VxRail Appliance. The issue involves the script update_disk_psu_baseline.sh requiring a password to be stored in plaintext, classified under CWE-256 (Plaintext Storage of a Password). This practice exposes sensitive credentials to potential unauthorized access, increasing the risk of compromise. The CVSS v3.1 score is 7.4, reflecting a high severity with local attack vector, high attack complexity, requiring high privileges, no user interaction, and a scope change with partial confidentiality loss, high integrity impact, and high availability impact.

The plaintext storage of a password in the affected script can lead to unauthorized disclosure of credentials if an attacker gains access to the system. This can result in compromised system integrity and availability, as well as partial loss of confidentiality. The vulnerability requires local access with high privileges and has a high attack complexity, limiting exploitation to privileged users but still posing a significant risk within that context.

No official patch or remediation guidance is currently available from the vendor. Patch status is not yet confirmed — check the Dell vendor advisory for current remediation guidance. Until a fix is provided, restrict access to the affected script and sensitive files to trusted administrators only and monitor for any unauthorized access attempts.