ID

VAR-201909-0091


CVE

CVE-2019-3746


TITLE

Dell EMC Integrated Data Protection Appliance vulnerable to improper restriction of excessive authentication attempts

Trust: 0.8

sources: JVNDB: JVNDB-2019-009955

DESCRIPTION

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system. The vulnerability is due to the fact that the program does not limit the number of requests

Trust: 1.71

sources: NVD: CVE-2019-3746 // JVNDB: JVNDB-2019-009955 // VULHUB: VHN-155181

AFFECTED PRODUCTS

vendor: dell, model: emc integrated data protection appliance, scope: eq, version: 2.2

Trust: 1.6

vendor: dell, model: emc integrated data protection appliance, scope: eq, version: 2.0

Trust: 1.6

vendor: dell, model: emc integrated data protection appliance, scope: eq, version: 2.1

Trust: 1.6

vendor: dell emc old emc, model: integrated data protection appliance, scope: lt, version: 2.3

Trust: 0.8

vendor: dell, model: emc idpa dp8800, scope: eq, version: -

Trust: 0.6

vendor: dell, model: emc idpa dp4400, scope: eq, version: -

Trust: 0.6

vendor: dell, model: emc idpa dp5800, scope: eq, version: -

Trust: 0.6

vendor: dell, model: emc idpa dp8300, scope: eq, version: -

Trust: 0.6

sources: JVNDB: JVNDB-2019-009955 // CNNVD: CNNVD-201909-1309 // NVD: CVE-2019-3746

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3746
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2019-3746
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-3746
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-1309
value: HIGH

Trust: 0.6

VULHUB: VHN-155181
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3746
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155181
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3746
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-3746
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2019-3746
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155181 // JVNDB: JVNDB-2019-009955 // CNNVD: CNNVD-201909-1309 // NVD: CVE-2019-3746 // NVD: CVE-2019-3746

PROBLEMTYPE DATA

problemtype:CWE-307

Trust: 1.9

sources: VULHUB: VHN-155181 // JVNDB: JVNDB-2019-009955 // NVD: CVE-2019-3746

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1309

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201909-1309

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009955

PATCH

title: DSA-2019-112: Dell EMC Integrated Data Protection Appliance Multiple Vulnerabilities
url: https://www.dell.com/support/security/ja-jp/details/536363/DSA-2019-112-Dell-EMC-Integrated-Data-Protection-Appliance-Multiple-Vulnerabilities

Trust: 0.8

title: Dell EMC Integrated Data Protection Appliance Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98701

Trust: 0.6

sources: JVNDB: JVNDB-2019-009955 // CNNVD: CNNVD-201909-1309

EXTERNAL IDS

db: NVD, id: CVE-2019-3746

Trust: 2.5

db: JVNDB, id: JVNDB-2019-009955

Trust: 0.8

db: CNNVD, id: CNNVD-201909-1309

Trust: 0.7

db: VULHUB, id: VHN-155181

Trust: 0.1

sources: VULHUB: VHN-155181 // JVNDB: JVNDB-2019-009955 // CNNVD: CNNVD-201909-1309 // NVD: CVE-2019-3746

REFERENCES

url:https://www.dell.com/support/security/en-us/details/536363/dsa-2019-112-dell-emc-integrated-data-protection-appliance-multiple-vulnerabilities

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-3746

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3746

Trust: 0.8

sources: VULHUB: VHN-155181 // JVNDB: JVNDB-2019-009955 // CNNVD: CNNVD-201909-1309 // NVD: CVE-2019-3746

SOURCES

db: VULHUB, id: VHN-155181
db: JVNDB, id: JVNDB-2019-009955
db: CNNVD, id: CNNVD-201909-1309
db: NVD, id: CVE-2019-3746

LAST UPDATE DATE

2024-11-23T21:59:42.500000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-155181, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-009955, date: 2019-10-02T00:00:00
db: CNNVD, id: CNNVD-201909-1309, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2019-3746, date: 2024-11-21T04:42:27.323

SOURCES RELEASE DATE

db: VULHUB, id: VHN-155181, date: 2019-09-27T00:00:00
db: JVNDB, id: JVNDB-2019-009955, date: 2019-10-02T00:00:00
db: CNNVD, id: CNNVD-201909-1309, date: 2019-09-27T00:00:00
db: NVD, id: CVE-2019-3746, date: 2019-09-27T21:15:10.143