Lucene search

DellCVELIST:CVE-2023-4129

HistorySep 27, 2023 - 3:44 p.m.

CVE-2023-4129

2023-09-2715:44:02

CWE-326

dell

www.cve.org

dell data protection

central

encryption

vulnerability

network attacker

plaintext recovery

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

25.3%

JSON

Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Data Protection Central",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "Version 19.9.0-10"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000218045/dsa-2023-346-security-update-for-dell-data-protection-central

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

25.3%

JSON

Related for CVELIST:CVE-2023-4129