Dell PowerProtect DD up to 7.7.5.49/7.10.1.39/7.13.1.9 privileges assignment

Summaryinfo

A vulnerability classified as problematic was found in Dell PowerProtect DD up to 7.7.5.49/7.10.1.39/7.13.1.9. Affected by this vulnerability is an unknown functionality. Such manipulation leads to privileges assignment. This vulnerability is traded as CVE-2024-45759. An attack has to be approached locally. There is no exploit available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability was found in Dell PowerProtect DD up to 7.7.5.49/7.10.1.39/7.13.1.9 and classified as problematic. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a privileges assignment vulnerability. Using CWE to declare the problem leads to CWE-266. A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. Impacted is confidentiality, integrity, and availability. CVE summarizes:

Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to unauthorized execution of certain commands to overwrite system config of the application. Exploitation may lead to denial of service of system.

The advisory is available at dell.com. This vulnerability is handled as CVE-2024-45759 since 09/06/2024. The exploitation is known to be easy. Local access is required to approach this attack. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1068 by the MITRE ATT&CK project.

Upgrading to version 7.7.5.50, 7.10.1.40, 7.13.1.10 or 8.0.0.0 eliminates this vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• Dell

Name

• PowerProtect DD

Version

• 7.7.5.0
• 7.7.5.1
• 7.7.5.2
• 7.7.5.3
• 7.7.5.4
• 7.7.5.5
• 7.7.5.6
• 7.7.5.7
• 7.7.5.8
• 7.7.5.9
• 7.7.5.10
• 7.7.5.11
• 7.7.5.12
• 7.7.5.13
• 7.7.5.14
• 7.7.5.15
• 7.7.5.16
• 7.7.5.17
• 7.7.5.18
• 7.7.5.19
• 7.7.5.20
• 7.7.5.21
• 7.7.5.22
• 7.7.5.23
• 7.7.5.24
• 7.7.5.25
• 7.7.5.26
• 7.7.5.27
• 7.7.5.28
• 7.7.5.29
• 7.7.5.30
• 7.7.5.31
• 7.7.5.32
• 7.7.5.33
• 7.7.5.34
• 7.7.5.35
• 7.7.5.36
• 7.7.5.37
• 7.7.5.38
• 7.7.5.39
• 7.7.5.40
• 7.7.5.41
• 7.7.5.42
• 7.7.5.43
• 7.7.5.44
• 7.7.5.45
• 7.7.5.46
• 7.7.5.47
• 7.7.5.48
• 7.7.5.49
• 7.10.1.0
• 7.10.1.1
• 7.10.1.2
• 7.10.1.3
• 7.10.1.4
• 7.10.1.5
• 7.10.1.6
• 7.10.1.7
• 7.10.1.8
• 7.10.1.9
• 7.10.1.10
• 7.10.1.11
• 7.10.1.12
• 7.10.1.13
• 7.10.1.14
• 7.10.1.15
• 7.10.1.16
• 7.10.1.17
• 7.10.1.18
• 7.10.1.19
• 7.10.1.20
• 7.10.1.21
• 7.10.1.22
• 7.10.1.23
• 7.10.1.24
• 7.10.1.25
• 7.10.1.26
• 7.10.1.27
• 7.10.1.28
• 7.10.1.29
• 7.10.1.30
• 7.10.1.31
• 7.10.1.32
• 7.10.1.33
• 7.10.1.34
• 7.10.1.35
• 7.10.1.36
• 7.10.1.37
• 7.10.1.38
• 7.10.1.39
• 7.13.1.0
• 7.13.1.1
• 7.13.1.2
• 7.13.1.3
• 7.13.1.4
• 7.13.1.5
• 7.13.1.6
• 7.13.1.7
• 7.13.1.8
• 7.13.1.9

License

• commercial

Website

• Vendor: https://www.dell.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion