CVE-2024-37140OS Command Injection in Dell Powerprotect DD

CWE-78OS Command Injection3 documents3 sources
Severity
8.8HIGHNVD
EPSS
7.3%
top 8.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell Powerprotect DDDell Data Domain Operating System
Timeline
PublishedJun 26

Description

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDdell/data_domain_operating_system7.8.0.07.10.1.30+2
CVEListV5dell/powerprotect_ddN/A2.7.7+2

🔴Vulnerability Details

2
CVEList
CVE-2024-37140: Dell PowerProtect DD, versions prior to 82024-06-26
GHSA
GHSA-59hv-9255-jc7h: Dell PowerProtect DD, versions prior to 82024-06-26