CVE-2024-37140

Name of the Vulnerable Software and Affected Versions Dell PowerProtect DD versions prior to 8.0 Dell PowerProtect DD LTS 7.13.1.0 Dell PowerProtect DD LTS 7.10.1.30 Dell PowerProtect DD LTS 7.7.5.40

Description The issue is an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Recommendations For Dell PowerProtect DD versions prior to 8.0, update to version 8.0 or later. For Dell PowerProtect DD LTS 7.13.1.0, consider disabling admin operations until a patch is available. For Dell PowerProtect DD LTS 7.10.1.30, restrict access to the vulnerable admin operation to minimize the risk of exploitation. For Dell PowerProtect DD LTS 7.7.5.40, avoid using the vulnerable application until the issue is resolved.