Low Encryption Strength Vulnerability in Dell Data Protection Advisor Could Lead to Denial of Service
CVE-2024-28974

6.5 MEDIUM

Key Information:

Vendor: Dell
CVE Published: 29 May 2024

Summary

An Inadequate Encryption Strength vulnerability in Dell Data Protection Advisor version 19.9 can be exploited by a low-privileged attacker with remote access. Exploitation can potentially lead to a Denial of Service condition, impacting the availability of the service. Because the vulnerability stems from insufficient encryption measures, it is critical for organizations using this product to apply the security updates and configurations recommended by Dell to mitigate the risk.

Affected Version(s)

Data Protection Advisor 19.5 <= 19.9

PowerProtect DP Series Appliance (IDPA) <= 2.7.6

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
