CVE-2024-28976

8.8 HIGH

📋 TL;DR

Dell Repository Manager versions before 3.4.5 contain a path traversal vulnerability in the API module. A local attacker with low privileges can exploit this to write arbitrary files to the server filesystem with web application privileges. This affects organizations using vulnerable versions of Dell Repository Manager.

💻 Affected Systems

Products:
  • Dell Repository Manager
Versions: prior to 3.4.5
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access with low privileges; web application must be running.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through arbitrary file writes leading to privilege escalation, remote code execution, or data destruction.

🟠

Likely Case

Unauthorized file writes allowing data manipulation, configuration changes, or planting backdoors for persistence.

🟢

If Mitigated

Limited impact if proper access controls and monitoring are in place, though file system integrity could still be compromised.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access but only low privileges; path traversal vulnerabilities are typically straightforward to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.5

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000224412/dsa-2024-189-security-update-for-dell-repository

Restart Required: Yes

Instructions:

1. Download Dell Repository Manager 3.4.5 from Dell's official site.
2. Back up the current configuration.
3. Run the installer to upgrade.
4. Restart the application/service.

🔧 Temporary Workarounds

Restrict Local Access

all

Limit local user access to systems running Dell Repository Manager to trusted administrators only.

File System Permissions

all

Apply strict file system permissions to directories accessible by the web application.

chmod 750 /path/to/dell-repository-manager (Linux)
icacls "C:\Program Files\Dell\Repository Manager" /deny Users:F (Windows)

🧯 If You Can't Patch

  • Isolate the system on a restricted network segment with no internet access.
  • Implement application whitelisting to prevent execution of unauthorized files.

🔍 How to Verify

Check if Vulnerable:

Check Dell Repository Manager version in application interface or installation directory.

Check Version:

On Windows: check 'About' in the application GUI or the registry.
On Linux: check the version file in the installation directory.

Verify Fix Applied:

Confirm version is 3.4.5 or later in application interface.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write operations in application logs
  • API requests with path traversal patterns (e.g., '../')

Network Indicators:

  • Local API calls to vulnerable endpoints

SIEM Query:

source="dell-repository-manager" AND (message="*../*" OR message="*file_write*")
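The SIEM query above matches only the literal `../` string, so requests that URL-encode (or double-encode) the traversal sequence, or use backslashes, slip past it. The following Python check is an added example, not part of this advisory or of any Dell tooling; it decodes each request path and query value before looking for a `..` path segment. The log format and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qsl

# Constructed sample lines in a hypothetical "timestamp METHOD request status" format.
SAMPLE_LOG = """\
2024-05-02T10:14:01Z PUT /api/files/upload?name=report.xml 200
2024-05-02T10:14:07Z PUT /api/files/upload?name=../../conf/settings.xml 200
2024-05-02T10:14:09Z PUT /api/files/upload?name=..%2F..%2Fwww%2Findex.html 200
2024-05-02T10:14:12Z PUT /api/files/upload?name=%252e%252e%255cwww%255cindex.html 200
2024-05-02T10:14:15Z GET /api/files/list 200
"""


def decode_value(value, rounds=3):
    """Percent-decode repeatedly (catches double encoding) and unify separators."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def has_traversal(value):
    """True when any path segment of the decoded value is exactly '..'."""
    return ".." in decode_value(value).split("/")


def request_has_traversal(request):
    """Check the URL path and every query-string value of one request."""
    parts = urlsplit(request)
    candidates = [parts.path]
    candidates += [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    return any(has_traversal(c) for c in candidates)


def flag_traversal(log_text):
    """Return the log lines whose request carries a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line; ignore rather than crash the scan
        if request_has_traversal(fields[2]):
            hits.append(line)
    return hits


if __name__ == "__main__":
    for hit in flag_traversal(SAMPLE_LOG):
        print("traversal:", hit)
```

Three of the five constructed lines are flagged, including the two encoded variants the literal `../` query would not catch.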
