CVE-2024-48010Improper Access Control in Dell Powerprotect DD

CWE-284Improper Access Control3 documents3 sources
Severity
7.2HIGHNVD
CNA6.5
EPSS
0.2%
top 57.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell Powerprotect DDDell Data Domain Operating System
Timeline
PublishedNov 8

Description

Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5dell/powerprotect_ddN/A7.13.1.10+3
NVDdell/data_domain_operating_system7.7.0.07.7.5.50+3

🔴Vulnerability Details

2
CVEList
CVE-2024-48010: Dell PowerProtect DD, versions prior to 82024-11-08
GHSA
GHSA-cf7h-r4qx-2r45: Dell PowerProtect DD, versions prior to 82024-11-08