Dell PowerProtect DD <8.3.0.0 Improper Access Control (Privilege Escalation)
CVE-2024-53295 Published on February 1, 2025
Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.
Vulnerability Analysis
CVE-2024-53295 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
Products Associated with CVE-2024-53295
Want to know whenever a new CVE is published for Dell Data Domain Operating System? stack.watch will email you.
Affected Versions
Dell PowerProtect DD:- Version 7.7.1.0, <= 8.1.0.10 is affected.
- Version 7.13.1.0, <= 7.13.1.10 is affected.
- Version 7.10.1.0, <= 7.10.1.40 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.