Vulnerability Affecting Dell PowerProtect DD
CVE-2024-53295
CVE-2024-53295 is an improper access control vulnerability affecting Dell PowerProtect DD versions before 8.3.0.0, 7.10.1.50, and 7.13.1.20. A local malicious user with low privileges can exploit this vulnerability to escalate their privileges.

Affected Products and Versions:
- PowerProtect DD 7.7.1.0 and earlier
- PowerProtect DD 8.1.0.10
- PowerProtect DD 7.13.1.0 and earlier
- PowerProtect DD 7.10.1.0 and earlier

CVSS v3.1 Metrics:
- CVSS v3.1 Score: 7.8 (High)
- Severity: High
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High

Timeline:
- Vulnerability Reserved: January 31, 2025
- Vulnerability Published: February 1, 2025

Fixed Versions:
- Version 8.3.0.0 or later
- Version 7.10.1.50 or later
- Version 7.13.1.20 or later

References:
- DSA-2025-022: Security Update for Dell PowerProtect DD Multiple Vulnerabilities
- CVE-2024-53295

Attack Scenario:
- A local user with low privileges gains initial access to a Dell PowerProtect DD system running a vulnerable version.
- The attacker exploits the improper access control vulnerability to bypass intended security restrictions.
- By leveraging this flaw, the attacker escalates their privileges, potentially gaining unauthorized access to sensitive functions within the affected systems.
- The attacker may then perform actions such as accessing confidential data, modifying system configurations, or disrupting services.

Related Vulnerabilities and Advisories:
- CVE-2024-48010: Improper Access Control vulnerability in Dell PowerProtect DD versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50.
- DSA-2023-412: Multiple security vulnerabilities in Dell PowerProtect DD versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110.
- DSA-2024-219: Multiple security vulnerabilities in Dell PowerProtect DD versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40.
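
The fixed releases listed for CVE-2024-53295 (8.3.0.0, 7.10.1.50, 7.13.1.20) can be turned into an inventory check. The Python below is an added example, not code from Dell or from this page; treating the first three version components as the release train, accepting an optional `-build` suffix, and the sample hostnames are all assumptions.

```python
"""Triage DD OS version strings against the fixed releases this page lists
for CVE-2024-53295 (DSA-2025-022)."""

# Fixed releases from the page. Keying the 7.x entries by their first three
# components (the release train) is an assumption of this example.
FIXED_BY_TRAIN = {
    (7, 10, 1): (7, 10, 1, 50),
    (7, 13, 1): (7, 13, 1, 20),
}
FIXED_MAINLINE = (8, 3, 0, 0)


def parse_version(text):
    """Parse 'a.b.c.d' (optional '-build' suffix, assumed) into a 4-tuple."""
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(p) for p in parts)


def classify(text):
    """Return 'fixed', 'needs_update', or 'unknown' for one version string."""
    try:
        version = parse_version(text)
    except ValueError:
        return "unknown"  # do not guess; flag for manual review
    if version >= FIXED_MAINLINE:
        return "fixed"
    train_fix = FIXED_BY_TRAIN.get(version[:3])
    if train_fix is not None and version >= train_fix:
        return "fixed"
    # Below the fixed release of its train, or in a train with no fixed
    # release listed on the page (for example 7.7.x): conservatively flag it.
    return "needs_update"


def triage(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames are hypothetical.
    sample = {"dd-a": "7.10.1.50", "dd-b": "7.13.1.0", "dd-c": "8.1.0.10",
              "dd-d": "8.3.0.0", "dd-e": "7.7.1.0", "dd-f": "n/a"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Systems reported as `needs_update` or `unknown` should be checked against DSA-2025-022 before being treated as remediated.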