CVE-2019-3746

Published: Sep 27, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system.

Affected (3)

Products: Dell: Emc Integrated Data Protection Appliance Firmware

Dell

1 product

Emc Integrated Data Protection Appliance Firmware

Configuration A

3 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Dell Emc Integrated Data Protection Appliance Firmware	Version 2.0
Dell Emc Integrated Data Protection Appliance Firmware	Version 2.1
Dell Emc Integrated Data Protection Appliance Firmware	Version 2.2

Running on/with	Platform Versions
Dell Emc Idpa Dp4400	All versions
Dell Emc Idpa Dp5800	All versions
Dell Emc Idpa Dp8300	All versions
Dell Emc Idpa Dp8800	All versions

Related CWEs

CWE-307

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (2)

https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.