CVE-2024-29172
Published: 12 February 2025
Summary
CVE-2024-29172 is a medium-severity Deadlock (CWE-833) vulnerability in Dell BSAFE SSL-J. Its CVSS base score is 5.9 (Medium).
Operationally, it ranks in the top 47.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Requires identification, reporting, and timely correction of the specific deadlock flaw in the affected Dell BSAFE SSL-J versions, preventing exploitation through the patching detailed in Dell's advisory.
Implements denial-of-service protections at system entry and exit points to block remote attackers from triggering the deadlock vulnerability.
Protects resource availability through priority allocation and mechanisms that mitigate the impact of deadlock-induced denial of service.
NVD Description
Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability. A remote attacker could potentially exploit this vulnerability, leading to a Denial of Service.
Deeper analysis
CVE-2024-29172 is a deadlock vulnerability (CWE-833, CWE-667) in Dell BSAFE SSL-J, affecting versions prior to 6.6 and versions 7.0 through 7.2. Published on 2025-02-12, it carries a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). The flaw allows a remote attacker to potentially trigger a denial of service condition.
A remote, unauthenticated attacker with network access can exploit this vulnerability to cause a deadlock, resulting in denial of service. Exploitation requires high attack complexity and does not involve user interaction or privileges, with impact limited to availability.
Dell's security advisory DSA-2024-221 details a security update for Dell BSAFE SSL-J addressing this and multiple other vulnerabilities. Practitioners should consult the advisory at https://www.dell.com/support/kbdoc/en-us/000226620/dsa-2024-221-security-update-for-dell-bsafe-ssl-j-multiple-vulnerabilities for patching instructions and mitigation guidance.
Details
- CWE(s)