3 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker. • https://www.dell.com/support/kbdoc/en-us/000214943/dsa-2023-201-security-update-for-dell-powerprotect-cyber-recovery • CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality Dell PowerProtect Cyber Recovery versiones anteriores a 19.11.0.2, contienen una vulnerabilidad de omisión de autenticación. Un atacante remoto no autenticado puede potencialmente acceder e interactuar con la API del registro de Docker, conllevando a una omisión de autenticación. El atacante puede potencialmente alterar las imágenes Docker, conllevando a una pérdida de integridad y confidencialidad • https://www.dell.com/support/kbdoc/en-us/000201970/dsa-2022-196-dell-emc-cyber-recovery-security-update-for-multiple-vulnerabilities • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover. Dell PowerProtect Cyber Recovery, versiones anteriores a 19.11, contienen una vulnerabilidad de escalada de privilegios en implementaciones de dispositivos virtuales. Un usuario autenticado poco privilegiado puede encadenar los comandos de Docker para escalar los privilegios a root, conllevando a una toma completa del sistema • https://support.emc.com/kb/000201213 •