What is CVE-2019-3746?

CVE-2019-3746 is a critical-severity vulnerability in Dell Integrated Data Protection Appliance, classified under Improper Restriction of Excessive Authentication Attempts. CVSS score: 9.8/10. Published 2019-09-27.

How severe is CVE-2019-3746?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2019-3746 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Dell Integrated Data Protection Appliance

CVE-2019-3746

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attac…

EPSS: 0.009 (76.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Dell Integrated Data Protection Appliance — versions prior to 2.3

Weakness classification (CWE)

CWE-307 — Improper Restriction of Excessive Authentication Attempts

Public proof-of-concept exploits

References

www.dell.com/support/security/en-us/details/536363/DSA-2019-112-Dell-EMC-Integr… (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2019-3746?: CVE-2019-3746 is a critical-severity vulnerability in Dell Integrated Data Protection Appliance, classified under Improper Restriction of Excessive Authentication Attempts. CVSS score: 9.8/10. Published 2019-09-27.
How severe is CVE-2019-3746?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2019-3746 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.