CVE-2019-3746

Published Sep 27, 2019

Last updated 5 months ago

CVSS high 8.8

Overview

Description: Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system.
Source: security_alert@emc.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

security_alert@emc.com: CWE-307
nvd@nist.gov: CWE-307

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:emc_integrated_data_protection_appliance_firmware:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C133A08-973B-43E2-8E0C-9B7AEF467BDD"
          },
          {
            "criteria": "cpe:2.3:o:dell:emc_integrated_data_protection_appliance_firmware:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "889D0DDB-7D31-4AE9-972A-AE14CC2A82BF"
          },
          {
            "criteria": "cpe:2.3:o:dell:emc_integrated_data_protection_appliance_firmware:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "970D60B9-9DAD-4F1D-BFBE-BB069756011C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:emc_idpa_dp4400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "70B89DD8-CEE9-4C3D-828D-71139D55A7C5"
          },
          {
            "criteria": "cpe:2.3:h:dell:emc_idpa_dp5800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7FEEA32E-07CD-45F0-AB1E-235764A8A094"
          },
          {
            "criteria": "cpe:2.3:h:dell:emc_idpa_dp8300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8C8B35A8-80BF-443E-992B-6F5B03A9928C"
          },
          {
            "criteria": "cpe:2.3:h:dell:emc_idpa_dp8800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E98F97BD-57F5-4F2E-9573-863503A5B911"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References