Vulnerabilities > CVE-2019-3746 - Improper Restriction of Excessive Authentication Attempts vulnerability in Dell EMC Integrated Data Protection Appliance Firmware 2.0/2.1/2.2

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

dell

CWE-307

NVD

Published: 2019-09-27

Updated: 2019-10-09

Summary

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell EMC Integrated Data Protection Appliance Firmware 2.0 Dell EMC Integrated Data Protection Appliance Firmware 2.1 Dell EMC Integrated Data Protection Appliance Firmware 2.2	3
Hardware	Dell Dell EMC Idpa Dp4400 - Dell EMC Idpa Dp5800 - Dell EMC Idpa Dp8300 - Dell EMC Idpa Dp8800 -	4

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities