CVE-2024-38488

{"id": "CVE-2024-38488", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-12-13T14:15:21.993", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-307"}]}], "descriptions": [{"lang": "en", "value": "Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. An improper Restriction of Excessive Authentication vulnerability where a Network attacker could potentially exploit this vulnerability, leading to a brute force attack or a dictionary attack against the RecoverPoint login form and a complete system compromise.\nThis allows attackers to brute-force the password of valid users in an automated manner."}, {"lang": "es", "value": "Dell RecoverPoint for Virtual Machines 6.0.x contiene una vulnerabilidad. Se trata de una vulnerabilidad de restricci\u00f3n de autenticaci\u00f3n excesiva que podr\u00eda ser explotada por un atacante de red, lo que provocar\u00eda un ataque de fuerza bruta o un ataque de diccionario contra el formulario de inicio de sesi\u00f3n de RecoverPoint y un compromiso total del sistema. Esto permite a los atacantes obtener por fuerza bruta la contrase\u00f1a de usuarios v\u00e1lidos de forma autom\u00e1tica."}], "lastModified": "2025-02-04T15:52:59.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD0ABCD5-9273-4799-A916-3518ED5EBB46"}, {"criteria": "cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1_p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "800D6F27-0B30-4E0A-94F6-B52367D50761"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}