CVE-2023-48667

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
dellCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
dellapex_protection_storage
𝑥
< 6.2.1.110
dellapex_protection_storage
7.0 ≤
𝑥
< 7.10.1.15
dellpowerprotect_data_domain
𝑥
< 6.2.1.110
dellpowerprotect_data_domain
7.0 ≤
𝑥
< 7.12.0.0
dellpowerprotect_data_domain_management_center
𝑥
< 6.2.1.110
dellpowerprotect_data_domain_management_center
7.0 ≤
𝑥
< 7.13.0.10
dellemc_data_domain_os
𝑥
< 6.2.1.110
dellemc_data_domain_os
7.0 ≤
𝑥
< 7.12.0.0
dellemc_data_domain_os
7.7 ≤
𝑥
< 7.7.5.25
dellemc_data_domain_os
7.10 ≤
𝑥
< 7.10.1.15
dellpowerprotect_data_domain_management_center
7.7 ≤
𝑥
< 7.7.5.25
dellpowerprotect_data_domain_management_center
7.10 ≤
𝑥
< 7.10.1.15
dellpowerprotect_data_protection
𝑥
< 2.7.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities
https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities