CVE-2024-22425
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/02/2024
Last modified:
23/01/2025
Description
Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp2_p1:*:*:*:*:*:* | ||
| cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp2_p2:*:*:*:*:*:* | ||
| cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp2_p4:*:*:*:*:*:* | ||
| cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp3_p1:*:*:*:*:*:* | ||
| cpe:2.3:a:dell:recoverpoint_for_virtual_machines:5.3:sp3_p2:*:*:*:*:*:* | ||
| cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities
- https://www.dell.com/support/kbdoc/en-us/000228154/dsa-2024-369-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities
- https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities