Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
27 Dec 2023, 19:30
Type | Values Removed | Values Added |
---|---|---|
First Time |
Dell dp5900
Dell dd9900 Dell dd3300 Dell powerprotect Data Domain Management Center Dell apex Protection Storage Dell dd6900 Dell dd6400 Dell powerprotect Data Domain Dell emc Data Domain Os Dell dd9400 Dell dp4400 Dell powerprotect Data Protection Dell |
|
CPE | cpe:2.3:a:dell:apex_protection_storage:*:*:*:*:*:*:*:* cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:*:*:*:* cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:lts2023:*:*:* cpe:2.3:h:dell:dp4400:-:*:*:*:*:*:*:* cpe:2.3:h:dell:dp5900:-:*:*:*:*:*:*:* cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:lts2022:*:*:* cpe:2.3:a:dell:powerprotect_data_domain_management_center:*:*:*:*:*:*:*:* cpe:2.3:h:dell:dd6900:-:*:*:*:*:*:*:* cpe:2.3:h:dell:dd9400:-:*:*:*:*:*:*:* cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:virtual:*:*:* cpe:2.3:h:dell:dd9900:-:*:*:*:*:*:*:* cpe:2.3:a:dell:powerprotect_data_protection:*:*:*:*:*:*:*:* cpe:2.3:o:dell:powerprotect_data_domain_management_center:*:*:*:*:lts2023:*:*:* cpe:2.3:h:dell:dd6400:-:*:*:*:*:*:*:* cpe:2.3:o:dell:powerprotect_data_domain_management_center:*:*:*:*:lts2022:*:*:* cpe:2.3:h:dell:dd3300:-:*:*:*:*:*:*:* |
|
References | () https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities - Vendor Advisory | |
Summary |
|
14 Dec 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-14 16:15
Updated : 2023-12-27 19:30
NVD link : CVE-2023-48667
Mitre link : CVE-2023-48667
CVE.ORG link : CVE-2023-48667
JSON object : View
Products Affected
dell
- powerprotect_data_domain_management_center
- emc_data_domain_os
- dp5900
- dd9400
- dp4400
- dd6900
- powerprotect_data_protection
- apex_protection_storage
- dd3300
- powerprotect_data_domain
- dd6400
- dd9900
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')