Cyber Resilience

CVE-2024-29172

Medium

Published: 12 February 2025

Modified: 19 March 2025
CVSS v3.1 score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS score: 0.0029 (52.7th percentile)
Risk priority: 12 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-29172 is a medium-severity deadlock (CWE-833) vulnerability in Dell BSAFE SSL-J. Its CVSS base score is 5.9 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 47.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-29172 is a deadlock vulnerability (CWE-833, CWE-667) in Dell BSAFE SSL-J, affecting versions prior to 6.6 and versions 7.0 through 7.2. Published on 2025-02-12, it carries a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). The flaw allows a remote attacker to potentially trigger a denial of service condition.

A remote, unauthenticated attacker with network access can exploit this vulnerability to cause a deadlock, resulting in denial of service. Exploitation requires high attack complexity and does not involve user interaction or privileges, with impact limited to availability.

Dell's security advisory DSA-2024-221 details a security update for Dell BSAFE SSL-J addressing this and multiple other vulnerabilities. Practitioners should consult the advisory at https://www.dell.com/support/kbdoc/en-us/000226620/dsa-2024-221-security-update-for-dell-bsafe-ssl-j-multiple-vulnerabilities for patching instructions and mitigation guidance.

Vulnerability details

Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability. A remote attacker could potentially exploit this vulnerability, leading to a Denial of Service.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The deadlock vulnerability in the SSL library directly enables remote exploitation causing application/system denial of service via crafted network input.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-29171: same product (Dell BSAFE SSL-J)
CVE-2026-25907: same vendor (Dell)
CVE-2025-21105: same vendor (Dell)
CVE-2025-27688: same vendor (Dell)
CVE-2026-31467: shared CWE-667
CVE-2025-24379: same vendor (Dell)
CVE-2026-22284: same vendor (Dell)
CVE-2026-22279: same vendor (Dell)
CVE-2024-49564: same vendor (Dell)
CVE-2025-36604: same vendor (Dell)

Affected Assets

Vendor: Dell
Product: BSAFE SSL-J
Affected versions: ≤ 6.6; 7.0 through 7.2.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent (SI-2 Flaw Remediation): Requires identification, reporting, and timely correction of the specific deadlock flaw in affected Dell BSAFE SSL-J versions, preventing exploitation by patching as detailed in Dell's advisory.

prevent (SC-5 Denial-of-service Protection): Implements denial-of-service protections at system entry and exit points to block remote attackers from triggering the deadlock.

prevent: Protects resource availability through priority allocation and mechanisms that limit the impact of a deadlock-induced denial of service.