{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29175", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2024-03-18T08:44:18.923Z", "datePublished": "2024-06-26T03:03:06.155Z", "dateUpdated": "2024-07-11T15:17:48.750Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerProtect DD", "vendor": "Dell", "versions": [{"lessThanOrEqual": "7.13", "status": "affected", "version": "7.0", "versionType": "semver"}, {"lessThan": "2.7.7", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "5.16.0.0", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThanOrEqual": "7.13", "status": "affected", "version": "7.8", "versionType": "semver"}]}], "datePublic": "2024-06-24T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session information."}], "value": "Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session information."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-327", "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-06-26T03:03:06.155Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "dell", "product": "powerprotect_dd", "cpes": ["cpe:2.3:h:dell:powerprotect_dd:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "7.0", "status": "affected", "lessThanOrEqual": "7.13", "versionType": "semver"}, {"version": "0", "status": "affected", "lessThan": "2.7.7", "versionType": "semver"}, {"version": "0", "status": "affected", "lessThan": "5.16.0.0", "versionType": "semver"}, {"version": "7.8", "status": "affected", "lessThanOrEqual": "7.13", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-11T15:11:41.076013Z", "id": "CVE-2024-29175", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T15:17:48.750Z"}}]}}

{"descriptions": [{"lang": "en", "value": "Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session information."}, {"lang": "es", "value": "Dell PowerProtect Data Domain, versiones anteriores a 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contienen una vulnerabilidad de algoritmo criptogr\u00e1fico d\u00e9bil. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda un ataque de intermediario que exponga informaci\u00f3n confidencial de la sesi\u00f3n."}], "id": "CVE-2024-29175", "lastModified": "2024-06-26T12:44:29.693", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2024-06-26T03:15:10.303", "references": [{"source": "security_alert@emc.com", "url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "security_alert@emc.com", "type": "Secondary"}]}

{}