CVE-2023-44279

Dell PowerProtect DD , versions prior to 7.13.0.10,  LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
dellCNA
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
dellpowerprotect_data_protection
𝑥
< 2.7.6
dellapex_protection_storage
𝑥
< 6.2.1.110
dellapex_protection_storage
7.0 ≤
𝑥
< 7.10.1.15
dellpowerprotect_data_domain
𝑥
< 6.2.1.110
dellpowerprotect_data_domain
7.0 ≤
𝑥
< 7.12.0.0
dellpowerprotect_data_domain_management_center
𝑥
< 6.2.1.110
dellpowerprotect_data_domain_management_center
7.0 ≤
𝑥
< 7.13.0.10
dellemc_data_domain_os
𝑥
< 6.2.1.110
dellemc_data_domain_os
7.0 ≤
𝑥
< 7.12.0.0
dellemc_data_domain_os
7.7 ≤
𝑥
< 7.7.5.25
dellemc_data_domain_os
7.10 ≤
𝑥
< 7.10.1.15
dellpowerprotect_data_domain_management_center
7.7 ≤
𝑥
< 7.7.5.25
dellpowerprotect_data_domain_management_center
7.10 ≤
𝑥
< 7.10.1.15
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities
https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities