CVE-2024-38488

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-38488
Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. An improper Restriction of Excessive Authentication vulnerability where a Network attacker could potentially exploit this vulnerability, leading to a brute force attack or a dictionary attack against the RecoverPoint login form and a complete system compromise. This allows attackers to brute-force the password of valid users in an automated manner.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1_p1:*:*:*:*:*:*
History

04 Feb 2025, 15:52

Type Values Removed Values Added
First Time Dell
Dell recoverpoint For Virtual Machines
References () https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities - Vendor Advisory
Summary
  • (es) Dell RecoverPoint for Virtual Machines 6.0.x contiene una vulnerabilidad. Se trata de una vulnerabilidad de restricción de autenticación excesiva que podría ser explotada por un atacante de red, lo que provocaría un ataque de fuerza bruta o un ataque de diccionario contra el formulario de inicio de sesión de RecoverPoint y un compromiso total del sistema. Esto permite a los atacantes obtener por fuerza bruta la contraseña de usuarios válidos de forma automática.
CPE cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1_p1:*:*:*:*:*:*

13 Dec 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-13 14:15

Updated : 2025-02-04 15:52

NVD link : CVE-2024-38488

Mitre link : CVE-2024-38488

CVE.ORG link : CVE-2024-38488

JSON object : View

Products Affected

dell

  • recoverpoint_for_virtual_machines
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts