Details of VAR-202502-0267

ID

VAR-202502-0267

CVE

CVE-2024-51534

TITLE

Dell's data domain operating system Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-018471

DESCRIPTION

Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service. Dell's data domain operating system Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Dell PowerProtect DD is a series of data protection storage appliances from Dell, built on the Data Domain platform and designed specifically for enterprise users. Dell PowerProtect DD contains a path traversal vulnerability that could allow an attacker to illegally overwrite operating system files in the server file system, causing a denial of service

Trust: 2.16

sources: NVD: CVE-2024-51534 // JVNDB: JVNDB-2024-018471 // CNVD: CNVD-2025-17512

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-17512

AFFECTED PRODUCTS

vendor:	dell	model:	data domain operating system	scope:	lt	version:	7.10.1.50	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	gte	version:	7.10.1.0	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	lt	version:	8.3.0.0	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	gte	version:	7.13.1.0	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	lt	version:	7.13.1.20	Trust: 1.0
vendor:	dell	model:	data domain operating system	scope:	gte	version:	7.14.0.0	Trust: 1.0
vendor:	デル	model:	data domain operating system	scope:	eq	version:	7.13.1.0 that's all 7.13.1.20	Trust: 0.8
vendor:	デル	model:	data domain operating system	scope:	eq	version:	7.10.1.0 that's all 7.10.1.50	Trust: 0.8
vendor:	デル	model:	data domain operating system	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	data domain operating system	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	data domain operating system	scope:	eq	version:	7.14.0.0 that's all 8.3.0.0	Trust: 0.8
vendor:	dell	model:	powerprotect dd	scope:	lt	version:	8.3.0.0	Trust: 0.6
vendor:	dell	model:	powerprotect dd	scope:	lt	version:	7.10.1.50	Trust: 0.6
vendor:	dell	model:	powerprotect dd	scope:	lt	version:	7.13.1.20	Trust: 0.6

sources: CNVD: CNVD-2025-17512 // JVNDB: JVNDB-2024-018471 // NVD: CVE-2024-51534

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com:	CVE-2024-51534
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-51534
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-51534
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-17512
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-17512
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:L/AU:S/C:N/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

security_alert@emc.com:	CVE-2024-51534
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.1
Trust: 2.0
NVD:	CVE-2024-51534
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-17512 // JVNDB: JVNDB-2024-018471 // NVD: CVE-2024-51534 // NVD: CVE-2024-51534

PROBLEMTYPE DATA

problemtype:	CWE-29	Trust: 1.0
problemtype:	CWE-22	Trust: 1.0
problemtype:	Path traversal (CWE-22) [NVD evaluation ]	Trust: 0.8
problemtype:	path traversal (/../filename)(CWE-29) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-018471 // NVD: CVE-2024-51534

PATCH

title:

Patch for Dell PowerProtect DD Path Traversal Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/714746

Trust: 0.6

sources: CNVD: CNVD-2025-17512

EXTERNAL IDS

db:	NVD	id:	CVE-2024-51534	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-018471	Trust: 0.8
db:	CNVD	id:	CNVD-2025-17512	Trust: 0.6

sources: CNVD: CNVD-2025-17512 // JVNDB: JVNDB-2024-018471 // NVD: CVE-2024-51534

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000279157/dsa-2025-022-security-update-for-dell-powerprotect-dd-multiple-vulnerabilities	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-51534	Trust: 1.4

sources: CNVD: CNVD-2025-17512 // JVNDB: JVNDB-2024-018471 // NVD: CVE-2024-51534

SOURCES

db:	CNVD	id:	CNVD-2025-17512
db:	JVNDB	id:	JVNDB-2024-018471
db:	NVD	id:	CVE-2024-51534

LAST UPDATE DATE

2025-08-06T23:25:16.454000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-17512	date:	2025-08-05T00:00:00
db:	JVNDB	id:	JVNDB-2024-018471	date:	2025-02-10T01:05:00
db:	NVD	id:	CVE-2024-51534	date:	2025-02-07T19:58:25.567

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-17512	date:	2025-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2024-018471	date:	2025-02-10T00:00:00
db:	NVD	id:	CVE-2024-51534	date:	2025-02-01T04:15:31.150