CVE-2024-29176 - OpenCVE

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a buffer overflow vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code on the vulnerable application's underlying operating system with privileges of the vulnerable application.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Data Domain Operating System

Configuration 1 [-]

OR	cpe:2.3:o:dell:data_domain_operating_system::::::::
	cpe:2.3:o:dell:data_domain_operating_system::::::::
	cpe:2.3:o:dell:data_domain_operating_system::::::::

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities

History

Mon, 23 Sep 2024 21:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dell Dell data Domain Operating System
Weaknesses		CWE-119
CPEs		cpe:2.3:o:dell:data_domain_operating_system::::::::
Vendors & Products		Dell Dell data Domain Operating System

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2024-06-26T02:37:54.785Z

Updated: 2024-08-02T01:10:54.073Z

Reserved: 2024-03-18T08:44:18.924Z

Link: CVE-2024-29176

Vulnrichment

Updated: 2024-08-02T01:10:54.073Z

NVD

Status : Undergoing Analysis

Published: 2024-06-26T03:15:10.533

Modified: 2024-09-23T21:11:39.197

Link: CVE-2024-29176

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29176", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2024-03-18T08:44:18.924Z", "datePublished": "2024-06-26T02:37:54.785Z", "dateUpdated": "2024-08-02T01:10:54.073Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerProtect DD", "vendor": "Dell", "versions": [{"lessThanOrEqual": "7.13", "status": "affected", "version": "7.0", "versionType": "semver"}, {"lessThan": "2.7.7", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "5.16.0.0", "status": "affected", "version": "N/A", "versionType": "semver"}]}], "datePublic": "2024-06-24T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a buffer overflow vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code on the vulnerable application's underlying operating system with privileges of the vulnerable application."}], "value": "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a buffer overflow vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code on the vulnerable application's underlying operating system with privileges of the vulnerable application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-788", "description": "CWE-788: Access of Memory Location After End of Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-06-26T02:37:54.785Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "dell", "product": "powerprotect_dd", "cpes": ["cpe:2.3:h:dell:powerprotect_dd:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "7.0", "status": "affected", "lessThanOrEqual": "7.13", "versionType": "semver"}, {"version": "0", "status": "affected", "lessThan": "2.7.7", "versionType": "semver"}, {"version": "0", "status": "affected", "lessThan": "5.16.0.0", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T15:30:17.062826Z", "id": "CVE-2024-29176", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T13:36:36.074Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:10:54.073Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:10:54.073Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29176", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-26T15:30:17.062826Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:dell:powerprotect_dd:*:*:*:*:*:*:*:*"], "vendor": "dell", "product": "powerprotect_dd", "versions": [{"status": "affected", "version": "7.0", "versionType": "semver", "lessThanOrEqual": "7.13"}, {"status": "affected", "version": "0", "lessThan": "2.7.7", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "5.16.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T15:40:58.827Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "PowerProtect DD", "versions": [{"status": "affected", "version": "7.0", "versionType": "semver", "lessThanOrEqual": "7.13"}, {"status": "affected", "version": "N/A", "lessThan": "2.7.7", "versionType": "semver"}, {"status": "affected", "version": "N/A", "lessThan": "5.16.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2024-06-24T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a buffer overflow vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code on the vulnerable application's underlying operating system with privileges of the vulnerable application.", "supportingMedia": [{"type": "text/html", "value": "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a buffer overflow vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code on the vulnerable application's underlying operating system with privileges of the vulnerable application.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-788", "description": "CWE-788: Access of Memory Location After End of Buffer"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-06-26T02:37:54.785Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29176", "state": "PUBLISHED", "dateUpdated": "2024-08-02T01:10:54.073Z", "dateReserved": "2024-03-18T08:44:18.924Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2024-06-26T02:37:54.785Z", "assignerShortName": "dell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6A0B6C8-491A-46F2-A330-15000DE501BA", "versionEndExcluding": "7.7.5.40", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "28F4339F-F4B0-479A-B300-ADB987171B31", "versionEndExcluding": "7.10.1.30", "versionStartIncluding": "7.8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EF3066F-F378-4AA6-B50C-B33C22C57492", "versionEndExcluding": "7.13.1.0", "versionStartIncluding": "7.11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a buffer overflow vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code on the vulnerable application's underlying operating system with privileges of the vulnerable application."}, {"lang": "es", "value": "Dell PowerProtect DD, versiones anteriores a 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contienen una vulnerabilidad de desbordamiento del b\u00fafer. Un atacante remoto con pocos privilegios podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda un bloqueo de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario en el sistema operativo subyacente de la aplicaci\u00f3n vulnerable con los privilegios de la aplicaci\u00f3n vulnerable."}], "id": "CVE-2024-29176", "lastModified": "2024-09-23T21:11:39.197", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2024-06-26T03:15:10.533", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-788"}], "source": "security_alert@emc.com", "type": "Secondary"}]}