Cyber Posture

CVE-2024-29171

Medium

Published: 12 February 2025

Modified: 19 March 2025
CVSS Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0009 (25.7th percentile)
Risk Priority: 12 (60% EPSS · 20% KEV · 20% CVSS)

Description

Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains an Improper certificate verification vulnerability. A remote attacker could potentially exploit this vulnerability, leading to information disclosure.

Security Summary

CVE-2024-29171 is an improper certificate verification vulnerability (CWE-295) in Dell BSAFE SSL-J, affecting versions prior to 6.6 and versions 7.0 through 7.2. This flaw enables a remote attacker to potentially bypass proper validation of certificates during SSL/TLS operations, with a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N), rated as Medium severity due to high confidentiality impact.

A remote, unauthenticated attacker with network access can exploit this vulnerability, though it requires high attack complexity. No user interaction or privileges are needed, and exploitation leads to information disclosure without affecting integrity or availability.

Dell's DSA-2024-221 advisory provides a security update addressing multiple vulnerabilities in BSAFE SSL-J, including CVE-2024-29171. Further details on patches and mitigation are available in the Dell support knowledge base article at https://www.dell.com/support/kbdoc/en-us/000226620/dsa-2024-221-security-update-for-dell-bsafe-ssl-j-multiple-vulnerabilities.

Details

CWE(s)
CWE-295

Affected Products

Vendor: dell
Product: bsafe ssl-j
Versions: ≤ 6.6 · 7.0 — 7.2.1
