CVE-2024-51534
Published: 01 February 2025
Description
Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low-privileged user could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service.
Security Summary
CVE-2024-51534 is a path traversal vulnerability (CWE-22, CWE-29) affecting Dell PowerProtect DD systems running versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20. It allows a local low-privileged user to overwrite operating system files on the server filesystem. The CVSS v3.1 base score is 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H): high impact on integrity and availability, no confidentiality impact.
The attack needs an existing low-privileged account on the appliance (AV:L, PR:L) but no user interaction and no special preconditions (AC:L, UI:N), and it does not cross a security boundary (S:U). Dell names denial of service as the consequence; the I:H rating reflects that the overwritten files are OS files rather than user data, so the availability loss follows from an integrity violation. The confidentiality rating of None means the flaw is a write primitive only: it does not, by itself, let the attacker read files.
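To make the CWE-22 mechanism concrete, here is an added illustration that is not Dell's code and says nothing about how DDOS implements its file handling: a hypothetical write handler that joins a caller-supplied name under a base directory without canonicalising it, next to a hardened version that resolves the path (including `..` segments and symlinks) and refuses anything outside the base. The scenario runs in a throwaway directory where `etc/hosts` stands in for an OS file.

```python
import os
import tempfile

# Added illustration of CWE-22 in a file-write handler. This is NOT Dell
# PowerProtect DD code and nothing here is known about DDOS internals; the
# function names and directory layout are hypothetical.


def unsafe_write(base_dir: str, user_name: str, data: bytes) -> str:
    """Vulnerable pattern: joins a caller-controlled name under base_dir with
    no canonicalisation, so '../' segments (or a symlink) leave base_dir."""
    target = os.path.join(base_dir, user_name)
    with open(target, "wb") as fh:
        fh.write(data)
    return target


def resolve_under(base_dir: str, user_name: str) -> str:
    """Return the canonical path for user_name inside base_dir, or raise
    ValueError if it resolves anywhere else (.., symlinks, absolute paths)."""
    if os.path.isabs(user_name):
        # os.path.join silently drops base_dir when the second part is absolute
        raise ValueError(f"absolute path rejected: {user_name!r}")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_name))
    # commonpath compares whole components, so /srv/data does not match
    # /srv/data2 the way a plain str.startswith() prefix check would
    if target == base or os.path.commonpath([base, target]) != base:
        raise ValueError(f"{user_name!r} escapes {base!r}")
    return target


def safe_write(base_dir: str, user_name: str, data: bytes) -> str:
    """Hardened variant: writes only once the target is proven to sit
    inside base_dir."""
    target = resolve_under(base_dir, user_name)
    with open(target, "wb") as fh:
        fh.write(data)
    return target


def demo() -> dict:
    """Constructed scenario in a throwaway directory: 'sandbox' is where the
    handler is meant to write, 'etc/hosts' stands in for an OS file outside
    it. Returns what each variant did with each supplied name."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        sandbox = os.path.join(root, "sandbox")
        etc = os.path.join(root, "etc")
        os.makedirs(sandbox)
        os.makedirs(etc)
        os_file = os.path.join(etc, "hosts")
        with open(os_file, "wb") as fh:
            fh.write(b"127.0.0.1 localhost\n")
        # a symlink inside the sandbox that points outside it
        os.symlink(etc, os.path.join(sandbox, "link"))

        # the vulnerable handler happily clobbers the "OS file"
        unsafe_write(sandbox, "../etc/hosts", b"overwritten\n")
        with open(os_file, "rb") as fh:
            results["unsafe_overwrote_os_file"] = fh.read() == b"overwritten\n"

        cases = {
            "dotdot": "../etc/hosts",   # classic traversal
            "symlink": "link/hosts",    # traversal via a link inside the base
            "absolute": os_file,        # absolute path smuggled through join
            "self": ".",                # resolves to the base itself
            "plain": "report.txt",      # the one legitimate name
        }
        for label, name in cases.items():
            try:
                safe_write(sandbox, name, b"x")
                results[label] = "written"
            except ValueError:
                results[label] = "rejected"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

The check is deliberately done on the fully resolved path rather than on the string the caller sent: rejecting `..` textually misses symlinks and encoded variants, while `realpath` plus a component-wise prefix comparison covers both.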
Dell's security advisory DSA-2025-022 (https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities) addresses this and several other PowerProtect DD vulnerabilities in one security update. Upgrade to DDOS 8.3.0.0, 7.10.1.50, or 7.13.1.20 or later. Because three fixed versions are listed, compare the installed build against the one for its own release line (7.10.x, 7.13.x, or 8.x) rather than against the lowest of the three numbers.
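As an added helper for fleet triage (not from Dell or the advisory), the following maps a DDOS version string to a verdict against the three fixed versions above. It assumes, as the advisory text reads but does not spell out, that each fix belongs to its own release line: 7.10.x needs 7.10.1.50, 7.13.x needs 7.13.1.20, and 8.x needs 8.3.0.0. Builds on any other line are reported as "unknown" rather than guessed. The `naive_assess` function shows the mistake a single global threshold makes.

```python
import re

# Added helper, not Dell's code. Assumption (not stated on the page): each
# fixed version applies to its own release line, and lines not named in the
# advisory are reported as "unknown" rather than assumed safe or affected.
FIXED = {
    (7, 10): (7, 10, 1, 50),
    (7, 13): (7, 13, 1, 20),
    (8,): (8, 3, 0, 0),
}


def parse_version(text: str) -> tuple:
    """'7.10.1.50' -> (7, 10, 1, 50), padded to four components.
    Comparing tuples of ints avoids the string-comparison pitfall where
    '7.9.0.0' > '7.10.1.50' because '9' > '1'."""
    m = re.fullmatch(r"\d+(?:\.\d+){0,3}", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    parts = tuple(int(p) for p in m.group(0).split("."))
    return parts + (0,) * (4 - len(parts))


def assess(text: str) -> str:
    """Return 'fixed', 'affected' or 'unknown' for a DDOS version string."""
    v = parse_version(text)
    # try the major.minor line first (7.10, 7.13), then the major line (8)
    for key in (v[:2], v[:1]):
        fix = FIXED.get(key)
        if fix is not None:
            return "fixed" if v >= fix else "affected"
    return "unknown"


def naive_assess(text: str) -> str:
    """Pitfall: one global threshold (the lowest fixed version) wrongly
    clears 7.13.x builds below 7.13.1.20 and 8.x builds below 8.3.0.0."""
    return "fixed" if parse_version(text) >= (7, 10, 1, 50) else "affected"


def triage(inventory) -> dict:
    """inventory: iterable of (hostname, version) pairs -> {host: verdict}."""
    return {host: assess(version) for host, version in inventory}


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("dd-site1", "7.10.1.49"),
    ("dd-site2", "7.10.1.50"),
    ("dd-site3", "7.13.1.0"),
    ("dd-site4", "8.2.9.9"),
    ("dd-site5", "8.3.0.0"),
    ("dd-site6", "7.12.0.0"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

Run against real data, feed it the version string the appliance reports and treat both "affected" and "unknown" as work items; "unknown" means the build sits on a line the advisory text does not name, so the advisory itself is the authority.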
Details
- CWE(s)