CVE-2022-29084
published 2022-06-02CVE-2022-29084: Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | unity | >= unspecified < 5.2.0.0.5.173 | 5.2.0.0.5.173 |
| dell | unity_operating_environment | < 5.2.0.0.5.173 | 5.2.0.0.5.173 |
| dell | unity_xt_operating_environment | < 5.2.0.0.5.173 | 5.2.0.0.5.173 |
| dell | unityvsa_operating_environment | < 5.2.0.0.5.173 | 5.2.0.0.5.173 |