DellCVE-2024-37140CVE-2024-37140
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
21.1%
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application’s underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| dell | data_domain_operating_system | * | cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "PowerProtect DD",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "7.13",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThan": "2.7.7",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "5.16.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
21.1%