CVE-2024-28980

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-28980
Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1_p1:*:*:*:*:*:*
History

04 Feb 2025, 15:55

Type Values Removed Values Added
CPE cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:dell:recoverpoint_for_virtual_machines:6.0:sp1_p1:*:*:*:*:*:*
References () https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000259765/dsa-2024-429-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-third-party-component-vulnerabilities - Vendor Advisory
Summary
  • (es) Dell RecoverPoint for Virtual Machines 6.0.x contiene una vulnerabilidad de uso de un algoritmo criptográfico dañado o riesgoso en SSH. Un atacante no autenticado con acceso remoto podría aprovechar esta vulnerabilidad, lo que provocaría una ejecución remota.
First Time Dell recoverpoint For Virtual Machines
Dell

13 Dec 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-13 15:15

Updated : 2025-02-04 15:55

NVD link : CVE-2024-28980

Mitre link : CVE-2024-28980

CVE.ORG link : CVE-2024-28980

JSON object : View

Products Affected

dell

  • recoverpoint_for_virtual_machines
CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm