Cyber Resilience

CVE-2024-37138

Medium

Published: 26 June 2024

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 4.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N)
EPSS Score: 0.0022 (45.4th percentile)
Risk Priority: 8 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-37138 is a medium-severity Relative Path Traversal (CWE-23) vulnerability in Dell Data Domain Operating System. Its CVSS base score is 4.1 (Medium).

Operationally, it ranks at the 45.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dell
data domain operating system
≤ 7.7.5.40 · 7.8.0.0 — 7.10.1.30 · 7.11.0.0 — 7.13.1.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References