Vulnerabilities > CVE-2024-22433 - Unspecified vulnerability in Dell Data Protection Search

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

dell

critical

NVD

Published: 2024-02-06

Updated: 2024-02-13

Summary

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.

Vulnerable Configurations

Part	Description	Count
Application	Dell Dell Data Protection Search 19.2.0 Dell Data Protection Search 19.3.0 Dell Data Protection Search 19.4.0 Dell Data Protection Search 19.5.0 Dell Data Protection Search 19.5.1 Dell Data Protection Search 19.6.0 Dell Data Protection Search 19.6.1 Dell Data Protection Search 19.6.2 Dell Data Protection Search 19.6.3	9

References

https://www.dell.com/support/kbdoc/en-us/000221720/dsa-2024-063-security-update-for-dell-data-protection-search-multiple-security-vulnerabilities