#VU21443 Cryptographic issues in EMC Integrated Data Protection Appliance - CVE-2019-3736

 


Published: September 30, 2019


Vulnerability identifier: #VU21443
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-3736
CWE-ID: CWE-310
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: EMC Integrated Data Protection Appliance
Software vendor: Dell

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to weak cryptography in the ACM component. A remote authenticated attacker with root privileges can use a support tool to decrypt encrypted passwords stored locally on the system and use them to access other components with the privileges of the compromised user.

Remediation

Install updates from the vendor's website.

External links