CVE-2024-28973 in PowerProtect DD
Summary
by MITRE • 06/26/2024
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
Analysis
by VulDB Data Team • 03/22/2025
CVE-2024-28973 affects Dell PowerProtect DD versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, and LTS 7.7.5.40. This is a critical security flaw in the web application interface of the backup and recovery solution, where user-supplied data is not properly sanitized before being stored in the application's data repository. It is a stored cross-site scripting issue: an attacker can inject malicious code into the system's data store, and that code executes when legitimate users access the affected functionality through their web browsers.
The vulnerability falls under CWE-79 (Cross-Site Scripting), specifically the stored XSS variant, in which malicious input is permanently stored on the server and subsequently served to other users. Exploitation requires a high privileged attacker, meaning someone who already has elevated access rights within the system; this is still concerning given the potential for lateral movement and privilege escalation. The flaw allows malicious HTML or JavaScript code to be submitted through legitimate application interfaces and stored in the backend database or data structures, creating a persistent threat that remains active until the malicious content is removed or the system is updated.
The operational impact of this vulnerability extends beyond simple data corruption or display issues, as it can enable sophisticated attacks including session hijacking, where an attacker can steal user authentication tokens and impersonate legitimate users within the PowerProtect DD environment. Additionally, the vulnerability may facilitate client-side request forgery attacks, allowing malicious actors to perform unauthorized actions on behalf of authenticated users. The implications are particularly severe for backup and recovery systems, as these platforms often contain sensitive organizational data and may serve as critical infrastructure components. The stored nature of the XSS payload means that the attack can persist even after the initial exploitation attempt, potentially allowing attackers to maintain access over extended periods while remaining undetected by standard monitoring mechanisms.
Organizations should immediately apply the latest security patches and updates provided by Dell to address this vulnerability. Network segmentation and monitoring of web application traffic can help detect potential exploitation attempts, and proper input validation and output encoding should be prioritized among defensive measures. In ATT&CK terms, the vulnerability maps to technique T1059.007, 'Command and Scripting Interpreter: JavaScript', and T1566.001, 'Phishing: Spearphishing Attachment', as it enables both automated script execution and social engineering attack vectors. Security teams should also consider deploying web application firewalls and content security policies to prevent the execution of unauthorized scripts, and should conduct thorough vulnerability assessments to identify related weaknesses in the broader network infrastructure that could be leveraged in conjunction with this XSS vulnerability.