PT-2024-27328 · Dell · Dell Powerprotect Dd
Published
2024-06-26
·
Updated
2024-09-23
·
CVE-2024-37139
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Dell PowerProtect DD versions prior to 8.0
Dell PowerProtect DD LTS 7.13.1.0
Dell PowerProtect DD LTS 7.10.1.30
Dell PowerProtect DD LTS 7.7.5.40
Description
The issue is related to an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this, leading to temporary resource constraint of system application, which may result in denial of service of the application.
Recommendations
For Dell PowerProtect DD versions prior to 8.0, update to version 8.0 or later.
For Dell PowerProtect DD LTS 7.13.1.0, consider applying configuration changes to restrict admin operations until a patch is available.
For Dell PowerProtect DD LTS 7.10.1.30, restrict access to vulnerable admin operations to minimize the risk of exploitation.
For Dell PowerProtect DD LTS 7.7.5.40, avoid using vulnerable admin operations in the system application until the issue is resolved.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dell Powerprotect Dd