Login Sign Up

CVE-2024-51534

7.1 HIGH
Denial of Service Path Traversal

📋 TL;DR

A local path traversal vulnerability in Dell PowerProtect DD allows low-privileged users to overwrite OS files, potentially causing denial of service. This affects Dell PowerProtect DD systems running versions before DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20.

💻 Affected Systems

Products:
  • Dell PowerProtect DD
Versions: All versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20
Operating Systems: DDOS (Dell Data Operating System)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all default configurations. Requires local access with low privileges.

📦 What is this software?

Data Domain Operating System by Dell

View all CVEs affecting Data Domain Operating System →

Data Domain Operating System by Dell

View all CVEs affecting Data Domain Operating System →

Data Domain Operating System by Dell

View all CVEs affecting Data Domain Operating System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through OS file manipulation leading to permanent denial of service or privilege escalation.

🟠

Likely Case

Local user causes denial of service by overwriting critical system files, requiring system restoration.

🟢

If Mitigated

Limited impact with proper access controls and monitoring in place.

🌐 Internet-Facing: LOW (requires local access to exploit)
🏢 Internal Only: HIGH (any authenticated low-privileged user could potentially exploit)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of vulnerable paths. No public exploit available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: DDOS 8.3.0.0, 7.10.1.50, or 7.13.1.20

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities

Restart Required: No

Instructions:

1. Review Dell advisory DSA-2025-022. 2. Download appropriate patch version for your system. 3. Apply update following Dell PowerProtect DD update procedures. 4. Verify successful update.

🔧 Temporary Workarounds

Restrict local user access

all

Limit local user accounts to only trusted administrators

Implement file integrity monitoring

all

Monitor critical OS files for unauthorized changes

🧯 If You Can't Patch

  • Implement strict access controls to limit local user accounts
  • Deploy file integrity monitoring on critical system directories

🔍 How to Verify

Check if Vulnerable:

Check current DDOS version via system administration interface or CLI

Check Version:

system version show (or equivalent DDOS command)

Verify Fix Applied:

Verify system is running DDOS 8.3.0.0, 7.10.1.50, or 7.13.1.20 or later

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized file write attempts to system directories
  • Path traversal patterns in file operations

Network Indicators:

  • N/A (local exploit)

SIEM Query:

source="powerprotect-dd" AND (event_type="file_write" AND path="../" OR path contains "..")

📊 Metadata

CVE ID: CVE-2024-51534
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CWE: CWE-29
EPSS Score: 0.06% exploit probability (17.2th percentile)
Published: February 1, 2025
Last Updated: February 7, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-51534, you might also want to check these:

CVE-2024-2083 9.9

A directory traversal vulnerability in the zenml-io/zenml repository allows attackers to read arbitr...

Same vulnerability type (CWE-29)
CVE-2024-2624 9.8

This vulnerability allows attackers to perform path traversal and arbitrary file uploads in the loll...

Same vulnerability type (CWE-29)
CVE-2024-2358 9.8

A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows att...

Same vulnerability type (CWE-29)