Vulnerabilities > CVE-2022-31234 - Improper Restriction of Excessive Authentication Attempts vulnerability in Dell products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

dell

CWE-307

critical

NVD

Published: 2022-07-21

Updated: 2022-07-30

Summary

Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts Vulnerability in PowerStore Manager GUI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell EMC Powerstore 500T Firmware * Dell EMC Powerstore 1200T Firmware * Dell EMC Powerstore 3200T Firmware * Dell EMC Powerstore 5200T Firmware * Dell EMC Powerstore 9200T Firmware *	5
Hardware	Dell Dell EMC Powerstore 500T - Dell EMC Powerstore 1200T - Dell EMC Powerstore 3200T - Dell EMC Powerstore 5200T - Dell EMC Powerstore 9200T -	5

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://www.dell.com/support/kbdoc/000201283