CVE-2022-29084
First published: Thu Jun 02 2022(Updated: )
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell Unity Operating Environment | <5.2.0.0.5.173 | |
| Dell Unity Xt Operating Environment | <5.2.0.0.5.173 | |
| Dell Unityvsa Operating Environment | <5.2.0.0.5.173 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this Dell Unity vulnerability?
The vulnerability ID is CVE-2022-29084.
What is the severity level of CVE-2022-29084?
The severity level of CVE-2022-29084 is critical.
Which Dell products are affected by CVE-2022-29084?
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 are affected.
What is the potential impact of CVE-2022-29084?
A remote unauthenticated attacker may potentially brute-force passwords and gain access to the system as the victim.
Is there a fix available for CVE-2022-29084?
Yes, updating to Dell Unity, Dell UnityVSA, and Dell Unity XT versions 5.2.0.0.5.173 or later will fix the vulnerability.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/dell
- canonical/dell unity operating environment
- canonical/dell unity xt operating environment
- canonical/dell unityvsa operating environment