Dell PowerProtect DD up to 7.7.5.49/7.10.1.39/7.13.1.9 access control

Summaryinfo

A vulnerability labeled as critical has been found in Dell PowerProtect DD up to 7.7.5.49/7.10.1.39/7.13.1.9. This issue affects some unknown processing. Such manipulation leads to access control. This vulnerability is documented as CVE-2024-48010. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

Detailsinfo

A vulnerability was found in Dell PowerProtect DD up to 7.7.5.49/7.10.1.39/7.13.1.9 and classified as problematic. Affected by this issue is an unknown part. The manipulation with an unknown input leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Impacted is integrity, and availability. CVE summarizes:

Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application.

The advisory is shared for download at dell.com. This vulnerability is handled as CVE-2024-48010 since 10/08/2024. The exploitation is known to be easy. The attack may be launched remotely. The exploitation needs additional levels of successful authentication. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 11/27/2024). The MITRE ATT&CK project declares the attack technique as T1068.

Upgrading to version 7.7.5.50, 7.10.1.40, 7.13.1.10 or 8.0.0.0 eliminates this vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Vendor

• Dell

Name

• PowerProtect DD

Version

• 7.7.5.0
• 7.7.5.1
• 7.7.5.2
• 7.7.5.3
• 7.7.5.4
• 7.7.5.5
• 7.7.5.6
• 7.7.5.7
• 7.7.5.8
• 7.7.5.9
• 7.7.5.10
• 7.7.5.11
• 7.7.5.12
• 7.7.5.13
• 7.7.5.14
• 7.7.5.15
• 7.7.5.16
• 7.7.5.17
• 7.7.5.18
• 7.7.5.19
• 7.7.5.20
• 7.7.5.21
• 7.7.5.22
• 7.7.5.23
• 7.7.5.24
• 7.7.5.25
• 7.7.5.26
• 7.7.5.27
• 7.7.5.28
• 7.7.5.29
• 7.7.5.30
• 7.7.5.31
• 7.7.5.32
• 7.7.5.33
• 7.7.5.34
• 7.7.5.35
• 7.7.5.36
• 7.7.5.37
• 7.7.5.38
• 7.7.5.39
• 7.7.5.40
• 7.7.5.41
• 7.7.5.42
• 7.7.5.43
• 7.7.5.44
• 7.7.5.45
• 7.7.5.46
• 7.7.5.47
• 7.7.5.48
• 7.7.5.49
• 7.10.1.0
• 7.10.1.1
• 7.10.1.2
• 7.10.1.3
• 7.10.1.4
• 7.10.1.5
• 7.10.1.6
• 7.10.1.7
• 7.10.1.8
• 7.10.1.9
• 7.10.1.10
• 7.10.1.11
• 7.10.1.12
• 7.10.1.13
• 7.10.1.14
• 7.10.1.15
• 7.10.1.16
• 7.10.1.17
• 7.10.1.18
• 7.10.1.19
• 7.10.1.20
• 7.10.1.21
• 7.10.1.22
• 7.10.1.23
• 7.10.1.24
• 7.10.1.25
• 7.10.1.26
• 7.10.1.27
• 7.10.1.28
• 7.10.1.29
• 7.10.1.30
• 7.10.1.31
• 7.10.1.32
• 7.10.1.33
• 7.10.1.34
• 7.10.1.35
• 7.10.1.36
• 7.10.1.37
• 7.10.1.38
• 7.10.1.39
• 7.13.1.0
• 7.13.1.1
• 7.13.1.2
• 7.13.1.3
• 7.13.1.4
• 7.13.1.5
• 7.13.1.6
• 7.13.1.7
• 7.13.1.8
• 7.13.1.9

License

• commercial

Website

• Vendor: https://www.dell.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion