CVE-2024-53295: Insufficient Granularity of Access Control in Dell Data Domain Operating System

Severity
7.8 HIGH (NVD)
EPSS
0.1%
top 73.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 1

Description

Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 | Impact: 5.9

Affected Packages: 2 packages

CVEListV5 | dell/powerprotect_dd | 7.7.1.0 | 8.1.0.10 | +2
NVD | dell/data_domain_operating_system | 7.10.1.0 | 7.10.1.50 | +2

Vulnerability Details: 2

CVEList | CVE-2024-53295: Dell PowerProtect DD versions prior to 8 | 2025-02-01
GHSA | GHSA-9722-wh8j-2f5p: Dell PowerProtect DD versions prior to 8 | 2025-02-01