Cyber Posture

CVE-2024-53295

High

Published: 01 February 2025

Modified: 07 February 2025
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0009 (25.8th percentile)
Risk Priority: 16 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Description

Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.

Security Summary

CVE-2024-53295 is an improper access control vulnerability affecting Dell PowerProtect DD systems in versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20. Published on February 1, 2025, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-1220 and NVD-CWE-Other. The flaw stems from inadequate access controls, allowing unauthorized manipulation of system resources.

A local malicious user with low privileges can exploit this vulnerability without user interaction. Successful exploitation enables escalation of privileges, potentially granting full administrative access and compromising confidentiality, integrity, and availability of the affected system.

Dell's security advisory DSA-2025-022, detailed at https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities, addresses this and other vulnerabilities in PowerProtect DD. Mitigation requires updating to Dell PowerProtect DD version 8.3.0.0 or later, 7.10.1.50 or later, or 7.13.1.20 or later, depending on the supported branch.

Details

CWE(s): CWE-1220, NVD-CWE-Other

Affected Products

Dell Data Domain Operating System: 7.10.1.0 to 7.10.1.50, 7.13.1.0 to 7.13.1.20, 7.14.0.0 to 8.3.0.0 (the upper bound of each range is the fixed release named in the description, so it is not itself affected)

References