CVE-2024-29175Use of a Broken or Risky Cryptographic Algorithm in Dell Powerprotect DD

CWE-327Use of a Broken or Risky Cryptographic Algorithm3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.3%
top 47.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell Powerprotect DDDell Data Domain Operating System
Timeline
PublishedJun 26

Description

Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session information.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDdell/data_domain_operating_system7.8.0.07.10.1.30+2
CVEListV5dell/powerprotect_ddN/A2.7.7+3

🔴Vulnerability Details

2
CVEList
CVE-2024-29175: Dell PowerProtect Data Domain, versions prior to 72024-06-26
GHSA
GHSA-j72h-72jr-j8pr: Dell PowerProtect Data Domain, versions prior to 72024-06-26
CVE-2024-29175 — Dell Powerprotect DD vulnerability | cvebase