Insecure Cryptographic Algorithm in Dell EMC Unity Products
CVE-2022-22564

5.9MEDIUM

Key Information:

Vendor: Dell
Status: Unity
Vendor: CVE Published:; 14 February 2023

Summary

Dell EMC Unity prior to version 5.2.0.0.5.173 employs a broken cryptographic algorithm that may be exploited by remote unauthenticated attackers. This vulnerability facilitates man-in-the-middle (MitM) attacks, allowing attackers to potentially gain access to sensitive information. Proper security measures and updates are essential to mitigate risks associated with this vulnerability.

Affected Version(s)

Unity 0 < 5.2.0.0.5.173

References

https://www.dell.com/support/kbdoc/en-us/000199050/dsa-20...

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 14, 2023
Vulnerability Reserved
Jan 4, 2022