PT-2022-19403 · Dell · Dell Unity

Published: 2022-06-02 · Updated: 2022-06-13 · CVE-2022-29084

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173

Description

The issue allows a remote unauthenticated attacker to potentially brute-force passwords and gain access to the system as the victim due to the lack of restriction on excessive authentication attempts in the Unisphere GUI. Account takeover is possible if weak passwords are used by users.

Recommendations

For versions before 5.2.0.0.5.173, update to version 5.2.0.0.5.173 or later to resolve the issue. As a temporary workaround, consider implementing additional authentication controls or monitoring to detect and prevent brute-force attacks. Restrict access to the Unisphere GUI to minimize the risk of exploitation.

Fix

Improper Restriction of Excessive Authentication Attempts

Weakness Enumeration

Related Identifiers

CVE-2022-29084

Affected Products

Dell Unity
Dell Unity XT
Dell UnityVSA
Unisphere GUI