Lucene search

DellCVELIST:CVE-2024-37138

HistoryJun 26, 2024 - 3:24 a.m.

CVE-2024-37138

2024-06-2603:24:40

CWE-23

dell

www.cve.org

cve-2024-37138

dell powerprotect

path traversal

unauthorized file

managed system

4.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerProtect DD",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "7.13",
        "status": "affected",
        "version": "7.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "7.13",
        "status": "affected",
        "version": "7.8",
        "versionType": "semver"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities

4.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-37138