Cyber Resilience

CVE-2024-29171

Medium

Published: 12 February 2025
Modified: 19 March 2025
KEV Added: not listed
Patch: available
CVSS Score (v3.1): 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0009 (25.9th percentile)
Risk Priority: 12 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-29171 is a medium-severity improper certificate validation (CWE-295) vulnerability in Dell BSAFE SSL-J. Its CVSS v3.1 base score is 5.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE ranks at the 25.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-29171 is an improper certificate verification vulnerability (CWE-295) in Dell BSAFE SSL-J, affecting versions prior to 6.6 and versions 7.0 through 7.2. The flaw allows a remote attacker to potentially bypass proper validation of certificates during SSL/TLS operations. It carries a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N), rated Medium, with the severity driven by the high confidentiality impact.

A remote, unauthenticated attacker with network access can exploit this vulnerability, though it requires high attack complexity. No user interaction or privileges are needed, and exploitation leads to information disclosure without affecting integrity or availability.

Dell's DSA-2024-221 advisory provides a security update addressing multiple vulnerabilities in BSAFE SSL-J, including CVE-2024-29171. Further details on patches and mitigation are available in the Dell support knowledge base article at https://www.dell.com/support/kbdoc/en-us/000226620/dsa-2024-221-security-update-for-dell-bsafe-ssl-j-multiple-vulnerabilities.


Vulnerability details

Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains an improper certificate verification vulnerability. A remote attacker could potentially exploit this vulnerability, leading to information disclosure.


Related Threats

MITRE ATT&CK Enterprise Techniques

T1557 Adversary-in-the-Middle (tactic: Credential Access)
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

Improper certificate verification directly enables adversary-in-the-middle attacks by allowing spoofed TLS certificates to intercept confidential data.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-29172 (same product: Dell BSAFE SSL-J)
CVE-2026-23776 (same vendor: Dell)
CVE-2024-31854 (shared CWE-295)
CVE-2024-47258 (shared CWE-295)
CVE-2026-32627 (shared CWE-295)
CVE-2024-55581 (shared CWE-295)
CVE-2025-11043 (shared CWE-295)
CVE-2024-50691 (shared CWE-295)
CVE-2025-9293 (shared CWE-295)
CVE-2025-0500 (shared CWE-295)

Affected Assets

Vendor: Dell
Product: BSAFE SSL-J
Versions: ≤ 6.6 · 7.0 — 7.2.1

Mitigating Controls (NIST 800-53 r5)

Prevent: SC-17 mandates verification of PKI certificate validity criteria and processes, directly preventing exploitation of improper certificate verification in SSL/TLS operations.

Prevent: SI-2 requires timely identification, reporting, and correction of flaws like CVE-2024-29171 in BSAFE SSL-J, eliminating the vulnerability through patching.

Prevent: SC-13 enforces use of compliant cryptographic modules for protections like SSL/TLS, mitigating risks from flawed implementations in libraries such as BSAFE SSL-J.
