Improper Authentication in Dell PowerProtect Cyber Recovery



Risk: High
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2022-34372
CWE-ID: CWE-287
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Dell PowerProtect Cyber Recovery (Other software / Other software solutions)
Vendor: Dell

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Improper Authentication

EUVDB-ID: #VU66108

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-34372

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an authentication bypass. A remote attacker may potentially access and interact with the Docker registry API, leading to an authentication bypass and loss of integrity and confidentiality.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Dell PowerProtect Cyber Recovery: before 19.11.0.2

External links

http://www.dell.com/support/kbdoc/nl-nl/000201970/dsa-2022-196-dell-cyber-recovery-security-update-for-multiple-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


