CVE-2024-45759

Summary

Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to unauthorized execution of certain commands to overwrite system config of the application. Exploitation may lead to denial of service of system.

Affected Software

VendorProductVersion RangeStatus
DellPowerProtect DD7.7.1 <= 8.0.0.0affected
DellPowerProtect DDN/A < 7.13.1.10affected
DellPowerProtect DDN/A < 7.10.1.40affected
DellPowerProtect DDN/A < 7.7.5.50affected

Weaknesses

  • CWE-266: CWE-266: Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References