PT-2024-31755 · Dell · Dell Powerprotect Data Domain

Published

2024-11-07

Updated

2024-11-26

CVE-2024-45759

CVSS v3.1

7.3

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Dell PowerProtect Data Domain versions prior to 8.1.0.0 Dell PowerProtect Data Domain version 7.13.1.10 Dell PowerProtect Data Domain version 7.10.1.40 Dell PowerProtect Data Domain version 7.7.5.50

Description: A local low privileged attacker could potentially exploit this vulnerability, leading to unauthorized execution of certain commands to overwrite system config of the application. Exploitation may lead to denial of service of system.

Recommendations: For versions prior to 8.1.0.0, update to version 8.1.0.0 or later. For version 7.13.1.10, update to a version later than 7.13.1.10. For version 7.10.1.40, update to a version later than 7.10.1.40. For version 7.7.5.50, update to a version later than 7.7.5.50.

Fix

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-266

Related Identifiers

CVE-2024-45759

Affected Products

Dell Powerprotect Data Domain

PT-2024-31755 · Dell · Dell Powerprotect Data Domain

CVE-2024-45759

Weakness Enumeration

Related Identifiers

Affected Products

References · 9