Authentication Vulnerability in Dell Unity Products
CVE-2022-29084

8.1HIGH

Key Information:

Vendor: Dell
Status: Unity
Vendor: CVE Published:; 2 June 2022

Summary

The Dell Unity, Dell UnityVSA, and Dell Unity XT systems prior to version 5.2.0.0.5.173 exhibit a vulnerability that allows excessive authentication attempts through the Unisphere GUI. This weakness can be exploited by remote, unauthenticated attackers, enabling them to conduct brute-force attacks on user passwords. If users employ weak passwords, there is a significant risk of account takeover, giving malicious actors unauthorized access to the affected systems.

Affected Version(s)

Unity < 5.2.0.0.5.173

References

https://www.dell.com/support/kbdoc/000199050

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 2, 2022
Vulnerability Reserved
Apr 12, 2022