Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker.
2023-12-14T16:15:50.040
2024-11-21T08:32:13.730
Modified
CVSSv3.1: 7.2 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | dell | apex_protection_storage | < 6.2.1.110 | Yes |
| Application | dell | apex_protection_storage | < 7.10.1.15 | Yes |
| Application | dell | powerprotect_data_domain | < 6.2.1.110 | Yes |
| Application | dell | powerprotect_data_domain | < 7.12.0.0 | Yes |
| Application | dell | powerprotect_data_domain_management_center | < 6.2.1.110 | Yes |
| Application | dell | powerprotect_data_domain_management_center | < 7.13.0.10 | Yes |
| Operating System | dell | emc_data_domain_os | < 6.2.1.110 | Yes |
| Operating System | dell | emc_data_domain_os | < 7.12.0.0 | Yes |
| Operating System | dell | emc_data_domain_os | < 7.7.5.25 | Yes |
| Operating System | dell | emc_data_domain_os | < 7.10.1.15 | Yes |
| Operating System | dell | powerprotect_data_domain_management_center | < 7.7.5.25 | Yes |
| Operating System | dell | powerprotect_data_domain_management_center | < 7.10.1.15 | Yes |
| Hardware | dell | dd3300 | - | No |
| Hardware | dell | dd6400 | - | No |
| Hardware | dell | dd6900 | - | No |
| Hardware | dell | dd9400 | - | No |
| Hardware | dell | dd9900 | - | No |
| Application | dell | powerprotect_data_protection | < 2.7.6 | Yes |
| Hardware | dell | dp4400 | - | No |
| Hardware | dell | dp5900 | - | No |