Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-3746

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system.

Published

2019-09-27T21:15:10.143

Last Modified

2024-11-21T04:42:27.323

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-307
Type: Primary
CWE-307

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	dell	emc_integrated_data_protection_appliance_firmware	2.0	Yes
Operating System	dell	emc_integrated_data_protection_appliance_firmware	2.1	Yes
Operating System	dell	emc_integrated_data_protection_appliance_firmware	2.2	Yes
Hardware	dell	emc_idpa_dp4400	-	No
Hardware	dell	emc_idpa_dp5800	-	No
Hardware	dell	emc_idpa_dp8300	-	No
Hardware	dell	emc_idpa_dp8800	-	No

References

https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities Vendor Advisory ([email protected])
https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)