
Multiple Dell Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-45759 CVSS:6.8

Dell PowerProtect Data Domain could allow a local authenticated attacker to gain elevated privileges on the system. An attacker could exploit this vulnerability to execute certain commands that overwrite the application's system configuration.

CVE-2024-48010 CVSS:6.5

Dell PowerProtect DD could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an access control vulnerability. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privileges.

CVE-2024-48011 CVSS:3.1

Dell PowerProtect Data Domain could allow a remote authenticated attacker to obtain sensitive information, caused by an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An attacker could exploit this vulnerability to obtain sensitive information.

Impact

  • Privilege Escalation
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-45759
  • CVE-2024-48010
  • CVE-2024-48011

Affected Vendors

Dell

Affected Products

  • Dell PowerProtect DD 7.7.1
  • Dell PowerProtect DD - 7.7.1 - N/A - N/A - N/A
  • Dell PowerProtect DD 8.1.0.0
  • Dell PowerProtect DD 7.7.5.50
  • Dell PowerProtect DD - N/A

Remediation

Refer to the Dell Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2024-45759

CVE-2024-48010

CVE-2024-48011