Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
21 Nov 2024, 08:25
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities - Vendor Advisory |
27 Dec 2023, 19:33
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities - Vendor Advisory | |
CWE | CWE-78 | |
First Time |
Dell dd6900
Dell dd3300 Dell dd9900 Dell dp4400 Dell powerprotect Data Protection Dell dd9400 Dell powerprotect Data Domain Management Center Dell Dell dp5900 Dell apex Protection Storage Dell powerprotect Data Domain Dell dd6400 Dell emc Data Domain Os |
|
CPE | cpe:2.3:a:dell:powerprotect_data_protection:*:*:*:*:*:*:*:* cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:*:*:*:* cpe:2.3:a:dell:powerprotect_data_domain_management_center:*:*:*:*:*:*:*:* cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:lts2023:*:*:* cpe:2.3:h:dell:dd9400:-:*:*:*:*:*:*:* cpe:2.3:h:dell:dd3300:-:*:*:*:*:*:*:* cpe:2.3:o:dell:powerprotect_data_domain_management_center:*:*:*:*:lts2022:*:*:* cpe:2.3:a:dell:apex_protection_storage:*:*:*:*:*:*:*:* cpe:2.3:h:dell:dp5900:-:*:*:*:*:*:*:* cpe:2.3:h:dell:dp4400:-:*:*:*:*:*:*:* cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:virtual:*:*:* cpe:2.3:h:dell:dd6400:-:*:*:*:*:*:*:* cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:lts2022:*:*:* cpe:2.3:h:dell:dd6900:-:*:*:*:*:*:*:* cpe:2.3:h:dell:dd9900:-:*:*:*:*:*:*:* cpe:2.3:o:dell:powerprotect_data_domain_management_center:*:*:*:*:lts2023:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
14 Dec 2023, 15:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-14 15:15
Updated : 2024-11-21 08:25
NVD link : CVE-2023-44277
Mitre link : CVE-2023-44277
CVE.ORG link : CVE-2023-44277
JSON object : View
Products Affected
dell
- dd6900
- dp4400
- dd3300
- dp5900
- powerprotect_data_domain
- dd9400
- apex_protection_storage
- powerprotect_data_protection
- powerprotect_data_domain_management_center
- dd9900
- emc_data_domain_os
- dd6400
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')