Lucene search

DellCVELIST:CVE-2024-37138

HistoryJun 26, 2024 - 3:24 a.m.

CVE-2024-37138

2024-06-2603:24:40

CWE-23

dell

www.cve.org

cve-2024-37138

dell powerprotect

path traversal

unauthorized file

managed system

CVSS3

4.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N

EPSS

Percentile

9.1%

JSON

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerProtect DD",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "7.13",
        "status": "affected",
        "version": "7.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "7.13",
        "status": "affected",
        "version": "7.8",
        "versionType": "semver"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities

CVSS3

4.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-37138