CVE-2023-44277

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
dellCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
dellpowerprotect_data_protection
𝑥
< 2.7.6
dellapex_protection_storage
𝑥
< 6.2.1.110
dellapex_protection_storage
7.0 ≤
𝑥
< 7.10.1.15
dellpowerprotect_data_domain
𝑥
< 6.2.1.110
dellpowerprotect_data_domain
7.0 ≤
𝑥
< 7.12.0.0
dellpowerprotect_data_domain_management_center
𝑥
< 6.2.1.110
dellpowerprotect_data_domain_management_center
7.0 ≤
𝑥
< 7.13.0.10
dellemc_data_domain_os
𝑥
< 6.2.1.110
dellemc_data_domain_os
7.0 ≤
𝑥
< 7.12.0.0
dellemc_data_domain_os
7.7 ≤
𝑥
< 7.7.5.25
dellemc_data_domain_os
7.10 ≤
𝑥
< 7.10.1.15
dellpowerprotect_data_domain_management_center
7.7 ≤
𝑥
< 7.7.5.25
dellpowerprotect_data_domain_management_center
7.10 ≤
𝑥
< 7.10.1.15
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities
https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities