Lucene search

DellVULNRICHMENT:CVE-2024-28974

HistoryMay 29, 2024 - 3:21 p.m.

CVE-2024-28974

2024-05-2915:21:22

CWE-326

dell

github.com

dell data protection

encryption

vulnerability

denial of service

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:dell:emc_powerprotect_data_protection_appliance:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dell",
    "product": "emc_powerprotect_data_protection_appliance",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "2.7.6"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:dell:emc_data_protection_advisor:19.5:*:*:*:*:*:*:*"
    ],
    "vendor": "dell",
    "product": "emc_data_protection_advisor",
    "versions": [
      {
        "status": "affected",
        "version": "19.5",
        "versionType": "custom",
        "lessThanOrEqual": "19.9"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.dell.com/support/kbdoc/en-us/000225088/dsa-2024-192-security-update-for-data-protection-advisor-and-powerprotect-dp-series-appliance-idpa-for-multiple-vulnerabilities