CVE-2024-29173
📋 TL;DR
This SSRF vulnerability in Dell PowerProtect DD allows remote attackers with high privileges to make the server send requests to internal systems, potentially exposing sensitive information. It affects PowerProtect DD versions before 8.0 and specific LTS releases. Attackers could access internal services that should not be externally reachable.
💻 Affected Systems
- Dell PowerProtect DD
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains access to internal metadata services, cloud credentials, or other internal APIs, leading to full system compromise or data exfiltration.
Likely Case
Information disclosure from internal services accessible to the PowerProtect DD server, potentially including configuration data or limited internal network access.
If Mitigated
Limited impact due to network segmentation and proper access controls restricting what internal resources the server can reach.
🎯 Exploit Status
Requires high privileged credentials. No public exploit code available at time of advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to version 8.0 or later, or apply LTS patches: 7.13.1.0, 7.10.1.30, 7.7.5.40
Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities
Restart Required: Yes
Instructions:
1. Download the appropriate patch from Dell Support.
2. Apply the patch following the Dell PowerProtect DD update procedures.
3. Restart the system as required.
4. Verify that the update completed successfully.
🔧 Temporary Workarounds
Network Segmentation
Restrict the PowerProtect DD server's outbound network access to only the services it needs
Privilege Reduction
Review and minimize high-privilege accounts with access to PowerProtect DD management interfaces
🧯 If You Can't Patch
- Implement strict network segmentation to limit what internal resources the PowerProtect DD server can access
- Monitor for unusual outbound connections from PowerProtect DD servers to internal services
🔍 How to Verify
Check if Vulnerable:
Check the PowerProtect DD version via the web interface or CLI. If the version is earlier than 8.0 and is not one of the patched LTS versions (7.13.1.0, 7.10.1.30, 7.7.5.40), the system is vulnerable.
Check Version:
From PowerProtect DD CLI: version
Verify Fix Applied:
Verify version shows 8.0 or later, or one of the patched LTS versions: 7.13.1.0, 7.10.1.30, 7.7.5.40
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP/HTTPS requests from PowerProtect DD server to internal IP ranges
- Multiple failed authentication attempts followed by successful high privilege login
Network Indicators:
- PowerProtect DD server making requests to internal metadata services (169.254.169.254, etc.)
- Unexpected connections from PowerProtect DD to internal services
SIEM Query:
source="PowerProtect-DD" AND (dest_ip=169.254.169.254 OR dest_ip IN [internal_ranges]) AND protocol IN [http,https]
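The SIEM query above as a runnable check over sample log lines, added here as an example that is not part of the advisory or of any Dell tooling; the key=value log format, the sample lines and the RFC 1918 ranges standing in for `internal_ranges` are constructed assumptions.

```python
import ipaddress

# Destinations the PowerProtect DD host should not be calling over HTTP(S).
# 169.254.169.254 comes from the advisory; the RFC 1918 ranges are assumed
# stand-ins for the "internal_ranges" placeholder in the SIEM query.
WATCHED_NETWORKS = [
    ipaddress.ip_network("169.254.169.254/32"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
WATCHED_PROTOCOLS = {"http", "https"}

# Constructed sample log lines in a key=value format (not real PowerProtect DD output).
SAMPLE_LOGS = """\
source=PowerProtect-DD dest_ip=169.254.169.254 protocol=http user=sysadmin
source=PowerProtect-DD dest_ip=203.0.113.10 protocol=https user=sysadmin
source=PowerProtect-DD dest_ip=10.20.30.40 protocol=https user=sysadmin
source=PowerProtect-DD dest_ip=10.20.30.40 protocol=ntp user=sysadmin
source=backup-gw dest_ip=10.20.30.40 protocol=https user=ops
"""

def parse_line(line: str) -> dict:
    """Split a key=value log line into a dict; tokens without '=' are skipped."""
    fields = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def is_suspicious(event: dict) -> bool:
    """Mirror the SIEM query: DD source, internal/metadata destination, HTTP(S)."""
    if event.get("source") != "PowerProtect-DD":
        return False
    if event.get("protocol", "").lower() not in WATCHED_PROTOCOLS:
        return False
    try:
        dest = ipaddress.ip_address(event.get("dest_ip", ""))
    except ValueError:
        return False  # missing or unparsable destination: cannot evaluate
    return any(dest in net for net in WATCHED_NETWORKS)

def find_hits(log_text: str) -> list:
    """Return the parsed events that match the detection rule."""
    return [ev for ev in map(parse_line, log_text.splitlines()) if is_suspicious(ev)]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOGS):
        print("ALERT:", hit)
```

Only the metadata-service request and the HTTPS call into 10.0.0.0/8 from the DD host match; the NTP line and the non-DD source are ignored, as the query intends.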
🔗 References
- https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities