CVE-2024-45759Incorrect Privilege Assignment in Dell Powerprotect DD

CWE-266Incorrect Privilege Assignment3 documents3 sources
Severity
7.3HIGHNVD
CNA6.8
EPSS
0.1%
top 75.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell Powerprotect DDDell Data Domain Operating System
Timeline
PublishedNov 8

Description

Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to unauthorized execution of certain commands to overwrite system config of the application. Exploitation may lead to denial of service of system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:HExploitability: 1.8 | Impact: 5.5

Affected Packages2 packages

NVDdell/data_domain_operating_system7.7.1.07.7.5.50+3
CVEListV5dell/powerprotect_ddN/A7.13.1.10+3

🔴Vulnerability Details

2
GHSA
GHSA-fm4v-x3rr-w4hv: Dell PowerProtect Data Domain, versions prior to 82024-11-08
CVEList
CVE-2024-45759: Dell PowerProtect Data Domain, versions prior to 82024-11-08
CVE-2024-45759 — Incorrect Privilege Assignment in Dell | cvebase