CVE-2019-3746 — Improper Restriction of Excessive Authentication Attempts in Dell Integrated Data Protection Appliance

CWE-307 — Improper Restriction of Excessive Authentication Attempts3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.9%

top 23.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Integrated Data Protection Appliance Dell EMC Integrated Data Protection Appliance Firmware

Timeline

PublishedSep 27

Latest updateMay 24

Description

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5dell/integrated_data_protection_applianceprior to 2.3

▶NVDdell/emc_integrated_data_protection_appliance_firmware2.0, 2.1, 2.2+2

🔴Vulnerability Details

GHSA

GHSA-3q4q-6vxp-x66f: Dell EMC Integrated Data Protection Appliance versions prior to 2↗2022-05-24

▶

CVEList

CVE-2019-3746: Dell EMC Integrated Data Protection Appliance versions prior to 2↗2019-09-27

▶