CVE-2024-28974

HIGH

Dell Data Protection Advisor < 19.9 - Weak Encryption

Title source: rule

Description

Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

References (1)

[Vendor Advisory] https://www.dell.com/support/kbdoc/en-us/000225088/dsa-2024-192-security-update-for-data-protection-advisor-and-powerprotect-dp-series-appliance-idpa-for-multiple-vulnerabilities

Scores

CVSS v3 7.6

EPSS 0.0019

EPSS Percentile 40.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-326

Status published

Products (3)

dell/data_protection_advisor 19.5 - 19.9

dell/dp4400_firmware < 2.7.6

dell/dp5900_firmware < 2.7.6

Published May 29, 2024

Tracked Since Feb 18, 2026