Sign-up

ID

VAR-202411-0631


CVE

CVE-2024-48010


TITLE

Dell's  data domain operating system  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-013532

DESCRIPTION

Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application. Dell's data domain operating system Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware devices for data protection, backup, storage and deduplication from Dell (Dell)

Trust: 2.16

sources: NVD: CVE-2024-48010 // JVNDB: JVNDB-2024-013532 // CNVD: CNVD-2024-44920

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-44920

AFFECTED PRODUCTS

vendor:dellmodel:data domain operating systemscope:ltversion:7.7.5.50

Trust: 1.0

vendor:dellmodel:data domain operating systemscope:gteversion:7.10.0.0

Trust: 1.0

vendor:dellmodel:data domain operating systemscope:gteversion:7.13.0.0

Trust: 1.0

vendor:dellmodel:data domain operating systemscope:gteversion:7.7.0.0

Trust: 1.0

vendor:dellmodel:data domain operating systemscope:ltversion:7.10.1.40

Trust: 1.0

vendor:dellmodel:data domain operating systemscope:ltversion:7.13.1.10

Trust: 1.0

vendor:dellmodel:data domain operating systemscope:ltversion:8.1.0.0

Trust: 1.0

vendor:dellmodel:data domain operating systemscope:gteversion:8.0.0.0

Trust: 1.0

vendor:デルmodel:data domain operating systemscope:eqversion: -

Trust: 0.8

vendor:デルmodel:data domain operating systemscope:eqversion:7.7.0.0 that's all 7.7.5.50

Trust: 0.8

vendor:デルmodel:data domain operating systemscope:eqversion:7.10.0.0 that's all 7.10.1.40

Trust: 0.8

vendor:デルmodel:data domain operating systemscope:eqversion:8.0.0.0 that's all 8.1.0.0

Trust: 0.8

vendor:デルmodel:data domain operating systemscope: - version: -

Trust: 0.8

vendor:デルmodel:data domain operating systemscope:eqversion:7.13.0.0 that's all 7.13.1.10

Trust: 0.8

vendor:dellmodel:powerprotect ddscope:ltversion:7.7.5.50

Trust: 0.6

vendor:dellmodel:powerprotect ddscope:ltversion:8.1.0.0

Trust: 0.6

vendor:dellmodel:powerprotect ddscope:ltversion:7.13.1.10

Trust: 0.6

vendor:dellmodel:powerprotect ddscope:ltversion:7.10.1.40

Trust: 0.6

sources: CNVD: CNVD-2024-44920 // JVNDB: JVNDB-2024-013532 // NVD: CVE-2024-48010

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com: CVE-2024-48010
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-48010
value: HIGH

Trust: 1.0

NVD: CVE-2024-48010
value: HIGH

Trust: 0.8

CNVD: CNVD-2024-44920
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-44920
severity: HIGH
baseScore: 7.7
vectorString: AV:N/AC:L/AU:M/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

security_alert@emc.com: CVE-2024-48010
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-48010
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-48010
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-44920 // JVNDB: JVNDB-2024-013532 // NVD: CVE-2024-48010 // NVD: CVE-2024-48010

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-013532 // NVD: CVE-2024-48010

PATCH

title:Patch for Dell PowerProtect DD Access Control Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/618166

Trust: 0.6

sources: CNVD: CNVD-2024-44920

EXTERNAL IDS

db:NVDid:CVE-2024-48010

Trust: 3.2

db:JVNDBid:JVNDB-2024-013532

Trust: 0.8

db:CNVDid:CNVD-2024-44920

Trust: 0.6

sources: CNVD: CNVD-2024-44920 // JVNDB: JVNDB-2024-013532 // NVD: CVE-2024-48010

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000245360/dsa-2024-424-security-update-for-dell-pdsa-2024-424-security-update-for-dell-powerprotect-dd-vulnerabilityowerprotect-dd-vulnerability

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-48010

Trust: 1.4

sources: CNVD: CNVD-2024-44920 // JVNDB: JVNDB-2024-013532 // NVD: CVE-2024-48010

SOURCES

db:CNVDid:CNVD-2024-44920
db:JVNDBid:JVNDB-2024-013532
db:NVDid:CVE-2024-48010

LAST UPDATE DATE

2024-11-28T22:59:28.051000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-44920date:2024-11-14T00:00:00
db:JVNDBid:JVNDB-2024-013532date:2024-11-27T01:30:00
db:NVDid:CVE-2024-48010date:2024-11-26T19:26:13.733

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-44920date:2024-11-14T00:00:00
db:JVNDBid:JVNDB-2024-013532date:2024-11-27T00:00:00
db:NVDid:CVE-2024-48010date:2024-11-08T03:15:03.933