Lucene search

DellCVELIST:CVE-2024-28974

HistoryMay 29, 2024 - 3:21 p.m.

CVE-2024-28974

2024-05-2915:21:22

CWE-326

dell

www.cve.org

dell data protection

encryption strength

vulnerability

remote access

denial of service

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Data Protection Advisor",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "19.9",
        "status": "affected",
        "version": "19.5",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "PowerProtect DP Series Appliance (IDPA)",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "2.7.6",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000225088/dsa-2024-192-security-update-for-data-protection-advisor-and-powerprotect-dp-series-appliance-idpa-for-multiple-vulnerabilities