CVE-2024-45759

6.8 MEDIUM

📋 TL;DR

Dell PowerProtect Data Domain has a local privilege escalation vulnerability in which an authenticated, low-privileged local user can execute unauthorized commands that overwrite system configuration. This could lead to denial of service or system compromise. It affects Dell PowerProtect Data Domain versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50.

💻 Affected Systems

Products:
  • Dell PowerProtect Data Domain
Versions: Prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50
Operating Systems: DD OS (Data Domain Operating System)
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. Requires local authenticated access with low privileges.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via configuration overwrite leading to persistent backdoor, data loss, or permanent denial of service requiring system rebuild.

🟠 Likely Case

Local attacker gains elevated privileges, modifies system configuration causing service disruption or data integrity issues.

🟢 If Mitigated

Limited impact due to strict access controls and monitoring, with quick detection of unauthorized configuration changes.

🌐 Internet-Facing: LOW - Requires local authenticated access, not directly exploitable over network.
🏢 Internal Only: HIGH - Malicious insider or compromised low-privileged account can exploit this to gain elevated privileges and disrupt critical backup infrastructure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local authenticated access. No public exploit code was available at the time of analysis. CWE-266 indicates an incorrect privilege assignment issue.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.1.0.0, 7.13.1.10, 7.10.1.40, or 7.7.5.50 depending on current version

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000245360/dsa-2024-424-security-update-for-dell-pdsa-2024-424-security-update-for-dell-powerprotect-dd-vulnerabilityowerprotect-dd-vulnerability

Restart Required: Yes

Instructions:

1. Download appropriate patch from Dell Support.
2. Apply patch following Dell PowerProtect Data Domain update procedures.
3. Reboot system as required.
4. Verify patch installation and system functionality.

🔧 Temporary Workarounds

Restrict Local Access

linux

Limit local shell access to only necessary administrative users

# Review and restrict user accounts with shell access
# Use 'useradmin' or similar commands to modify user privileges

Enhanced Monitoring

all

Monitor for unauthorized configuration changes and privilege escalation attempts

# Configure audit logging for configuration changes
# Monitor system logs for suspicious activity

🧯 If You Can't Patch

  • Implement strict access controls - only grant local access to trusted administrators
  • Enable comprehensive logging and monitoring for configuration changes and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check current version using 'version' command in DD OS CLI and compare against patched versions

Check Version:

version

Verify Fix Applied:

Verify version is 8.1.0.0, 7.13.1.10, 7.10.1.40, or 7.7.5.50 or later using 'version' command
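
The version comparison described above, applied to a small inventory, as an added example (not Dell tooling and not code from the advisory). It assumes each fixed version listed on this page applies to its own major.minor branch and that the input is a bare `a.b.c.d` version string with an optional `-build` suffix; the hostnames and inventory are constructed.

```python
# Fixed versions copied from this page's "Patch Version" line.
# Assumption: each fix belongs to its own major.minor release branch.
FIXED = {
    (7, 7): (7, 7, 5, 50),
    (7, 10): (7, 10, 1, 40),
    (7, 13): (7, 13, 1, 10),
    (8, 1): (8, 1, 0, 0),
}
NEWEST_FIX = max(FIXED.values())


def parse_version(text):
    """Parse 'a.b.c.d' (optional '-build' suffix) into a 4-tuple of ints."""
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised DD OS version: {text!r}")
    return tuple(int(p) for p in parts)


def classify(text):
    """Return 'patched', 'vulnerable' or 'review' for one version string."""
    version = parse_version(text)
    branch = version[:2]
    if branch in FIXED:
        # Compare inside the branch: 7.13.0.x must not pass because 7.10.1.40 < it.
        return "patched" if version >= FIXED[branch] else "vulnerable"
    if version >= NEWEST_FIX:
        return "patched"  # later than the newest fixed release
    # Branch has no fix listed on this page: check the vendor advisory by hand.
    return "review"


def audit(inventory):
    """Map each host to its status; unparsable versions are flagged for review."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "review"
    return report


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hostnames and versions).
    sample = {"dd-a": "7.10.1.30", "dd-b": "7.13.1.10-100001", "dd-c": "7.12.0.0"}
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

A plain numeric comparison against a single threshold would misclassify systems on older branches, which is why the check is done per branch.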

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized configuration file modifications
  • Privilege escalation attempts
  • Unexpected command execution by low-privileged users

Network Indicators:

  • N/A - Local vulnerability

SIEM Query:

source="dd_system_logs" AND (event_type="config_change" OR event_type="privilege_escalation") AND user_privilege="low"
