CVE-2024-53296 - Vulnerability Details - OpenCVE

Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Dell	Data Domain Operating System

Configuration 1 [-]

OR	cpe:2.3:o:dell:data_domain_operating_system::::::::
	cpe:2.3:o:dell:data_domain_operating_system::::::::

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities

History

Wed, 12 Feb 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 07 Feb 2025 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dell Dell data Domain Operating System
Weaknesses		CWE-787
CPEs		cpe:2.3:o:dell:data_domain_operating_system::::::::
Vendors & Products		Dell Dell data Domain Operating System

Sat, 01 Feb 2025 04:15:00 +0000

Type	Values Removed	Values Added
Description		Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
Weaknesses		CWE-121
References		https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities
Metrics		cvssV3_1 `{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2025-02-01T03:56:38.147Z

Updated: 2025-02-12T20:51:22.499Z

Reserved: 2024-11-20T06:05:04.568Z

Link: CVE-2024-53296

Vulnrichment

Updated: 2025-02-12T20:41:18.545Z

NVD

Status : Analyzed

Published: 2025-02-01T04:15:31.293

Modified: 2025-02-07T19:54:50.490

Link: CVE-2024-53296

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-53296", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2024-11-20T06:05:04.568Z", "datePublished": "2025-02-01T03:56:38.147Z", "dateUpdated": "2025-02-12T20:51:22.499Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerProtect DD", "vendor": "Dell", "versions": [{"lessThanOrEqual": "7.13.1.10", "status": "affected", "version": "7.13.1.0", "versionType": "semver"}, {"lessThanOrEqual": "7.10.1.40", "status": "affected", "version": "7.10.1.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Dell would like to thank zzcentury for reporting this issue."}], "datePublic": "2025-01-30T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.<br>"}], "value": "Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2025-02-01T03:56:38.147Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-53296", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-03T15:48:35.858892Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:51:22.499Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-53296", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-03T15:48:35.858892Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:41:18.545Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Dell would like to thank zzcentury for reporting this issue."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "PowerProtect DD", "versions": [{"status": "affected", "version": "7.13.1.0", "versionType": "semver", "lessThanOrEqual": "7.13.1.10"}, {"status": "affected", "version": "7.10.1.0", "versionType": "semver", "lessThanOrEqual": "7.10.1.40"}], "defaultStatus": "unaffected"}], "datePublic": "2025-01-30T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.", "supportingMedia": [{"type": "text/html", "value": "Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2025-02-01T03:56:38.147Z"}}}, "cveMetadata": {"cveId": "CVE-2024-53296", "state": "PUBLISHED", "dateUpdated": "2025-02-12T20:51:22.499Z", "dateReserved": "2024-11-20T06:05:04.568Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2025-02-01T03:56:38.147Z", "assignerShortName": "dell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D56B479-FD54-438E-BDC2-FE21FCB7F647", "versionEndExcluding": "7.10.1.50", "versionStartIncluding": "7.10.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "44959F58-CC82-4D06-9BF5-D92A566981D4", "versionEndExcluding": "7.13.1.20", "versionStartIncluding": "7.13.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service."}, {"lang": "es", "value": "Las versiones de Dell PowerProtect DD anteriores a 7.10.1.50 y 7.13.1.20 contienen una vulnerabilidad de desbordamiento de b\u00fafer basado en pila en RestAPI. Un atacante con privilegios elevados y acceso remoto podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda una denegaci\u00f3n de servicio."}], "id": "CVE-2024-53296", "lastModified": "2025-02-07T19:54:50.490", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-01T04:15:31.293", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "security_alert@emc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}