CVE-2024-53295

Summary

Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.

Affected Software

VendorProductVersion RangeStatus
DellPowerProtect DD7.7.1.0 <= 8.1.0.10affected
DellPowerProtect DD7.13.1.0 <= 7.13.1.10affected
DellPowerProtect DD7.10.1.0 <= 7.10.1.40affected

Weaknesses

  • CWE-1220: CWE-1220: Insufficient Granularity of Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References