CVE-2024-29175

Summary

Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session information.

Affected Software

VendorProductVersion RangeStatus
DellPowerProtect DD7.0 <= 7.13affected
DellPowerProtect DDN/A < 2.7.7affected
DellPowerProtect DDN/A < 5.16.0.0affected
DellPowerProtect DD7.8 <= 7.13affected

Weaknesses

  • CWE-327: CWE-327: Use of a Broken or Risky Cryptographic Algorithm

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References