CVE-2022-29084
Description
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Dell Unity, UnityVSA, and Unity XT before 5.2.0.0.5.173 lack rate limiting on authentication attempts in Unisphere GUI, enabling remote brute-force password attacks.
Vulnerability
The Unisphere GUI component of Dell Unity, UnityVSA, and Unity XT operating environments prior to version 5.2.0.0.5.173 does not impose rate limits on authentication attempts. This allows an attacker to submit an unlimited number of login requests without restriction, making brute-force attacks feasible. Affected versions include all releases before 5.2.0.0.5.173 for all three product lines [1].
Exploitation
An unauthenticated, remote attacker can send repeated login requests to the Unisphere GUI over the network. No prior access or user interaction is required. The attacker systematically attempts passwords against known usernames or enumerates until successful authentication is achieved.
Impact
Successful brute-force leads to account takeover, allowing the attacker to gain the same privileges as the victim user. If weak passwords are used, the attack becomes particularly effective. The compromised account can then be used to access and potentially manipulate storage system configurations and data.
Mitigation
Dell has released version 5.2.0.0.5.173 of the Unity Operating Environment (and associated products) to address this issue. Users are advised to apply the update from Dell's support site. As a workaround, implement network-level access controls to limit exposure of the Unisphere GUI to trusted networks and enforce strong password policies [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
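Until the update to 5.2.0.0.5.173 is applied, the failed-login bursts this weakness permits can be flagged from authentication logs. The following is an added example, not part of the original entry and not Dell's code; the log line format, the thresholds, and the names detect_bruteforce and sample_log are assumptions, and the sample data is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not Unisphere's own):
#   <ISO-8601 time> login result=<success|failure> user=<name> src=<ip>
LINE_RE = re.compile(r"^(\S+) login result=(success|failure) user=(\S+) src=(\S+)$")

def detect_bruteforce(lines, max_failures=5, window=timedelta(minutes=5)):
    """Return (kind, key, time) alerts for failed-login bursts.

    kind is "src" (one host guessing), "user" (one account targeted from
    any number of hosts) or "success_after_burst" (a login that succeeded
    while its source or account was over the threshold).
    """
    failures = defaultdict(deque)  # ("src"|"user", value) -> recent failure times
    over = set()                   # keys currently over the threshold
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a login event in the assumed format
        ts = datetime.fromisoformat(m.group(1))
        result, user, src = m.group(2, 3, 4)
        keys = [("src", src), ("user", user)]
        for key in keys:
            q = failures[key]
            while q and ts - q[0] > window:  # expire failures outside the window
                q.popleft()
            if len(q) <= max_failures:
                over.discard(key)            # burst has aged out; re-arm the alert
        if result == "success":
            if any(k in over for k in keys):
                alerts.append(("success_after_burst", f"{user}@{src}", ts))
            continue
        for key in keys:
            failures[key].append(ts)
            if len(failures[key]) > max_failures and key not in over:
                over.add(key)  # alert once per burst, not once per attempt
                alerts.append((key[0], key[1], ts))
    return alerts

def sample_log():
    """Constructed sample: seven failures from one host, then a success."""
    t0 = datetime(2022, 6, 1, 3, 0, 0)
    row = "{} login result={} user={} src={}".format
    log = [row((t0 + timedelta(seconds=10 * i)).isoformat(), "failure", "admin", "203.0.113.7") for i in range(7)]
    log.append(row((t0 + timedelta(seconds=80)).isoformat(), "success", "admin", "203.0.113.7"))
    return log
```

Attempts spaced more widely than the window stay under the threshold, so this check complements the update and network-level access controls rather than replacing them.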
Affected products (4)
Patches (0)
No patches discovered yet.
References
[1] www.dell.com/support/kbdoc/000199050 (mitre, x_refsource_MISC)