Lucene search

[email protected]CVE-2024-28974

HistoryMay 29, 2024 - 4:15 p.m.

CVE-2024-28974

2024-05-2916:15:09

CWE-326

[email protected]

web.nvd.nist.gov

dell

data protection advisor

encryption

vulnerability

privileged attacker

denial of service

nvd

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Data Protection Advisor",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "19.9",
        "status": "affected",
        "version": "19.5",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PowerProtect DP Series Appliance (IDPA)",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "2.7.6",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000225088/dsa-2024-192-security-update-for-data-protection-advisor-and-powerprotect-dp-series-appliance-idpa-for-multiple-vulnerabilities