CVE-2019-3766 - Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication a

CVE-2019-3766

Summary

Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts.

References

https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatio

Vulnerable Configurations

cpe:2.3:a:dell:emc_elastic_cloud_storage:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:emc_elastic_cloud_storage:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 09-10-2019 - 23:49)
Impact:
Exploitability:

CWE

CWE-307

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm

https://www.dell.com/support/security/en-us/details/537465/DSA-2019-140-Dell-EMC-Elastic-Cloud-Storage-ECS-Improper-Restriction-of-Excessive-Authenticatio

Last major update

09-10-2019 - 23:49

Published

27-09-2019 - 21:15

Last modified

09-10-2019 - 23:49