ID CVE-2019-3746
Summary Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system.
References
Vulnerable Configurations
  • cpe:2.3:o:dell:emc_integrated_data_protection_appliance_firmware:2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:emc_integrated_data_protection_appliance_firmware:2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:emc_integrated_data_protection_appliance_firmware:2.2:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:emc_idpa_dp4400:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:emc_idpa_dp5800:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:emc_idpa_dp8300:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:emc_idpa_dp8800:-:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 09-10-2019 - 23:49)
Impact:
Exploitability:
CWE CWE-307
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
confirm https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities
Last major update 09-10-2019 - 23:49
Published 27-09-2019 - 21:15
Last modified 09-10-2019 - 23:49