Main Vulnerability Database SB2022080426

SB2022080426 - Improper Authentication in Dell PowerProtect Cyber Recovery

Published: August 4, 2022

Security Bulletin ID SB2022080426

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Authentication (CVE-ID: CVE-2022-34372)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an authentication bypass. A remote attacker may potentially access and interact with the docker registry API leading to an authentication bypass and loss of integrity and confidentiality

Remediation

Install update from vendor's website.

References

https://www.dell.com/support/kbdoc/nl-nl/000201970/dsa-2022-196-dell-emc-cyber-recovery-security-update-for-multiple-vulnerabilities