PT-2024-27327 · Dell · Dell Powerprotect Dd
Published: 2024-06-26 · Updated: 2024-09-23 · CVE-2024-37138
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Dell PowerProtect DD versions prior to 8.0
Dell PowerProtect DD LTS 7.13.1.0
Dell PowerProtect DD LTS 7.10.1.30
Dell PowerProtect DD LTS 7.7.5.40 on DDMC
Description
A relative path traversal vulnerability exists that a remote, high-privileged attacker could potentially exploit, causing the application to send an unauthorized file to the managed system.
Recommendations
For Dell PowerProtect DD versions prior to 8.0, update to version 8.0 or later.
For Dell PowerProtect DD LTS 7.13.1.0, consider applying a patch or configuration change as recommended by the vendor.
For Dell PowerProtect DD LTS 7.10.1.30, consider applying a patch or configuration change as recommended by the vendor.
For Dell PowerProtect DD LTS 7.7.5.40 on DDMC, consider applying a patch or configuration change as recommended by the vendor.
As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.
Fix
Relative Path Traversal
Affected Products
Dell Powerprotect Dd