Login Sign Up

CVE-2024-24908

6.5 MEDIUM
Path Traversal

📋 TL;DR

CVE-2024-24908 is a path traversal vulnerability in Dell PowerProtect DM5500 that allows authenticated high-privilege attackers to delete arbitrary files on the server filesystem. This affects Dell PowerProtect DM5500 version 5.15.0.0 and earlier. The vulnerability could lead to data loss, service disruption, or system compromise.

💻 Affected Systems

Products:
  • Dell PowerProtect DM5500
Versions: 5.15.0.0 and prior
Operating Systems: Appliance OS (Linux-based)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires high-privilege user access. The vulnerability exists in the web management interface component.

📦 What is this software?

Dm5500 Firmware by Dell

View all CVEs affecting Dm5500 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through deletion of critical system files, leading to permanent data loss and service unavailability.

🟠

Likely Case

Targeted deletion of backup data or configuration files causing service disruption and data recovery challenges.

🟢

If Mitigated

Limited impact if proper access controls and monitoring are in place, with potential for detection before significant damage.

🌐 Internet-Facing: MEDIUM - Requires high-privilege credentials, but internet-facing instances could be targeted by credential theft or brute force attacks.
🏢 Internal Only: HIGH - Internal attackers with legitimate high privileges could exploit this easily to cause significant damage.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated high-privilege access. Path traversal vulnerabilities are typically straightforward to exploit once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version 5.15.0.1 or later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000224843/dsa-2024-083-security-update-for-dell-powerprotect-data-manager-appliance-for-multiple-vulnerabilities

Restart Required: Yes

Instructions:

1. Download the latest firmware from Dell Support. 2. Backup current configuration. 3. Apply the update through the appliance management interface. 4. Restart the appliance as prompted. 5. Verify the update was successful.

🔧 Temporary Workarounds

Restrict Administrative Access

all

Limit high-privilege user accounts to only essential personnel and implement strict access controls.

Network Segmentation

all

Isolate the PowerProtect appliance from general network access and restrict to backup-related traffic only.

🧯 If You Can't Patch

  • Implement strict least-privilege access controls and monitor all administrative activity
  • Enable comprehensive logging and implement file integrity monitoring for critical system directories

🔍 How to Verify

Check if Vulnerable:

Check the appliance version in the web management interface under Settings > System Information

Check Version:

ssh admin@<appliance-ip> 'cat /etc/version' or check web interface

Verify Fix Applied:

Verify the version is 5.15.0.1 or later in the web management interface

📡 Detection & Monitoring

Log Indicators:

  • Unusual file deletion events in system logs
  • Multiple failed authentication attempts followed by successful login
  • Administrative user performing unexpected file operations

Network Indicators:

  • Unusual HTTP requests with path traversal patterns (../ sequences) to management interface

SIEM Query:

source="powerprotect-logs" AND (event_type="file_delete" AND path="*../*") OR (auth_failure>3 AND auth_success=1)

📊 Metadata

CVE ID: CVE-2024-24908
CVSS v3 Score: 6.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CWE: CWE-22
Published: May 8, 2024
Last Updated: February 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-24908, you might also want to check these:

CVE-2024-43955 10.0

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that...

Same vulnerability type (CWE-22)
CVE-2025-54261 10.0

This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted...

Same vulnerability type (CWE-22)
CVE-2024-40628 10.0

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery c...

Same vulnerability type (CWE-22)