← Back

CVE-2024-22425

nvd nist
Published: Feb 16, 2024Modified: Jan 23, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner.

Affected (7)

Dell
1 product
Recoverpoint For Virtual Machines
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Dell
Recoverpoint For Virtual Machines
Version 5.3 sp2
Recoverpoint For Virtual Machines
Version 5.3 sp2_p1
Recoverpoint For Virtual Machines
Version 5.3 sp2_p2
Recoverpoint For Virtual Machines
Version 5.3 sp2_p4
Recoverpoint For Virtual Machines
Version 5.3 sp3_p1
Recoverpoint For Virtual Machines
Version 5.3 sp3_p2
Recoverpoint For Virtual Machines
Version 6.0 sp1

Related CWEs

CWE-307
Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (3)

Source: security_alert@emc.com
Vendor Advisory
Source: security_alert@emc.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.