Vulnerability Details CVE-2024-29175
Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.7%
CVSS Severity
CVSS v3 Score 5.9
References
- https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities
- https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities
Products affected by CVE-2024-29175
-
cpe:2.3:o:dell:data_domain_operating_system:-
-
cpe:2.3:o:dell:data_domain_operating_system:5.16.0.0
-
cpe:2.3:o:dell:data_domain_operating_system:7.0
-
cpe:2.3:o:dell:data_domain_operating_system:7.10.1.0
-
cpe:2.3:o:dell:data_domain_operating_system:7.11.0.0
-
cpe:2.3:o:dell:data_domain_operating_system:7.13
-
cpe:2.3:o:dell:data_domain_operating_system:7.7.1.0
-
cpe:2.3:o:dell:data_domain_operating_system:7.8.0.0