CVE-2024-28974

Published: May 29, 2024Modified: Feb 4, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

Affected (3)

Products: Dell: Data Protection Advisor, Dp4400 Firmware, Dp5900 Firmware

Dell

3 products

Data Protection Advisor

Dp4400 Firmware

Dp5900 Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Data Protection Advisor	From 19.5 to 19.9

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Dp4400 Firmware	Up to 2.7.6

Running on/with	Platform Versions
Dell Dp4400	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Dp5900 Firmware	Up to 2.7.6

Running on/with	Platform Versions
Dell Dp5900	All versions

Related CWEs

CWE-326

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (2)

https://www.dell.com/support/kbdoc/en-us/000225088/dsa-2024-192-security-update-for-data-protection-advisor-and-powerprotect-dp-series-appliance-idpa-for-multiple-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/en-us/000225088/dsa-2024-192-security-update-for-data-protection-advisor-and-powerprotect-dp-series-appliance-idpa-for-multiple-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.