CVE-2024-28980

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-28980

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

D

ell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1_p1:*:*:*:*:*:*
History

04 Feb 2025, 15:55

Type Values Removed Values Added
First Time Dell
Dell recoverpoint For Virtual Machines
References () https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities - Vendor Advisory
CPE cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1_p1:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1:*:*:*:*:*:*
Summary (es) Dell RecoverPoint para máquinas virtuales, versión(es) 6.0.x contiene(n) una vulnerabilidad de uso de un algoritmo criptográfico dañado o riesgoso en SSH. Un atacante no autenticado con acceso remoto podría aprovechar esta vulnerabilidad, lo que provocaría una ejecución remota. (es) Dell RecoverPoint for Virtual Machines 6.0.x contiene una vulnerabilidad de uso de un algoritmo criptográfico dañado o riesgoso en SSH. Un atacante no autenticado con acceso remoto podría aprovechar esta vulnerabilidad, lo que provocaría una ejecución remota.

13 Dec 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-13 15:15

Updated : 2025-02-04 15:55

NVD link : CVE-2024-28980

Mitre link : CVE-2024-28980

CVE.ORG link : CVE-2024-28980

JSON object : View

Products Affected

dell

CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm