CVE-2024-29173

Published: Jun 26, 2024Modified: Feb 3, 2025

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client.

Affected (2)

Products: Dell: Data Domain Operating System

Dell

1 product

Data Domain Operating System

Configuration A

1 vulnerable · 9 platform

Vulnerable Software	Affected Versions
Dell Data Domain Operating System	From 7.0 to 7.13

Running on/with	Platform Versions
Dell Apex Protection Storage	All versions
Dell Apex Protection Storage	All versions
Dell Dd3300	All versions
Dell Dd6400	All versions
Dell Dd6900	All versions
Dell Dd9400	All versions
Dell Dd9410	All versions
Dell Dd9900	All versions
Dell Dd9910	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Data Domain Operating System	Before 5.16.0.0

Running on/with	Platform Versions
Dell Dm5500	All versions

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.