CVE-2024-22425

Summary

Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner.

Affected Software

VendorProductVersion RangeStatus
DellRecoverPoint for VMs5.3 SP2affected
DellRecoverPoint for VMs5.3 SP2 P1affected
DellRecoverPoint for VMs5.3 SP2 P2affected
DellRecoverPoint for VMs5.3 SP2 P4affected
DellRecoverPoint for VMs5.3 SP3 P1affected
DellRecoverPoint for VMs5.3 SP3 P2affected
DellRecoverPoint for VMs6.0.SP1affected

Weaknesses

  • CWE-307: CWE-307: Improper Restriction of Excessive Authentication Attempts

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References