Improper Authentication in Dell PowerProtect Cyber Recovery - CVE-2022-34372


Published: August 4, 2022


Vulnerability identifier: #VU66108
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-34372
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Dell PowerProtect Cyber Recovery
Software vendor: Dell

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an authentication bypass. A remote attacker may potentially access and interact with the Docker registry API, leading to an authentication bypass and loss of integrity and confidentiality.


Remediation

Install updates from the vendor's website.
