CVE-2024-22425

Опубликовано: 16 фев. 2024

Источник: nvd

CVSS3: 6.5

CVSS3: 9.8

EPSS Низкий

Описание

Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp2:*:*:*:*:*:*

cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp2_p1:*:*:*:*:*:*

cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp2_p2:*:*:*:*:*:*

cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp2_p4:*:*:*:*:*:*

cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp3_p1:*:*:*:*:*:*

cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp3_p2:*:*:*:*:*:*

cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00477

Низкий

6.5 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-307

Связанные уязвимости

GHSA-9m95-x9fm-78hh

CVSS3: 6.5

github

почти 2 года назад

Dell RecoverPoint for Virtual Machines 5.3.x contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner.

EPSS

Процентиль: 64%

0.00477

Низкий

6.5 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-307