exploitDog

CVE-2024-37140

Опубликовано: 26 июн. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*

Версия до 7.7.5.40 (исключая)

cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*

Версия от 7.8.0.0 (включая) до 7.10.1.30 (исключая)

cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*

Версия от 7.11.0.0 (включая) до 7.13.1.0 (исключая)

EPSS

Процентиль: 91%

0.07285

Низкий

8.8 High

CVSS3

Дефекты

CWE-78

Связанные уязвимости

GHSA-59hv-9255-jc7h

CVSS3: 8.8

github

больше 1 года назад

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

EPSS

Процентиль: 91%

0.07285

Низкий

8.8 High

CVSS3

Дефекты

CWE-78