Lucene search

[email protected]CVE-2019-3746

HistorySep 27, 2019 - 9:15 p.m.

CVE-2019-3746

2019-09-2721:15:10

CWE-307

[email protected]

web.nvd.nist.gov

183

dell emc

data protection

appliance

acm api

brute-force

vulnerability

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.6%

JSON

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system.

Affected configurations

NVD

Node

dellemc_integrated_data_protection_appliance_firmwareMatch2.0

dellemc_integrated_data_protection_appliance_firmwareMatch2.1

dellemc_integrated_data_protection_appliance_firmwareMatch2.2

AND

dellemc_idpa_dp4400Match-

dellemc_idpa_dp5800Match-

dellemc_idpa_dp8300Match-

dellemc_idpa_dp8800Match-

CPENameOperatorVersion
dell:emc_integrated_data_protection_appliance_firmwaredell emc integrated data protection appliance firmwareeq2.0
dell:emc_integrated_data_protection_appliance_firmwaredell emc integrated data protection appliance firmwareeq2.1
dell:emc_integrated_data_protection_appliance_firmwaredell emc integrated data protection appliance firmwareeq2.2

CPE	Name	Operator	Version
dell:emc_integrated_data_protection_appliance_firmware	dell emc integrated data protection appliance firmware	eq	2.0
dell:emc_integrated_data_protection_appliance_firmware	dell emc integrated data protection appliance firmware	eq	2.1
dell:emc_integrated_data_protection_appliance_firmware	dell emc integrated data protection appliance firmware	eq	2.2

CNA Affected

[
  {
    "product": "Integrated Data Protection Appliance",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 2.3"
      }
    ]
  }
]

References

www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.6%

JSON

Related for CVE-2019-3746

cvelist1 nvd1 prion1