Products
Dell PowerProtect DD
- before 8.0
- LTS 7.13.1.0
- LTS 7.10.1.30
- LTS 7.7.5.40
Source
security_alert@emc.com
Tags
CVE-2024-37138 details
Published : June 26, 2024, 4:15 a.m.
Last Modified : June 26, 2024, 12:44 p.m.
Last Modified : June 26, 2024, 12:44 p.m.
Description
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system.
CVSS Score
| 1 | 2 | 3 | 4.1 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-23 | Relative Path Traversal | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
Base Score
4.1
Exploitability Score
2.3
Impact Score
1.4
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
References
| URL | Source |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities | security_alert@emc.com |
This website uses the NVD API, but is not approved or certified by it.