Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-34372 |
CWE-ID | CWE-287 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Dell PowerProtect Cyber Recovery Other software / Other software solutions |
Vendor | Dell |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU66108
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-34372
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an authentication bypass. A remote attacker may potentially access and interact with the docker registry API leading to an authentication bypass and loss of integrity and confidentiality
Install updates from vendor's website.
Vulnerable software versionsDell PowerProtect Cyber Recovery: before 19.11.0.2
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.