CVE-2023-48667

Published: Dec 14, 2023Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker.

Affected (13)

Products: Dell: Apex Protection Storage, Emc Data Domain Os, Powerprotect Data Domain, Powerprotect Data Domain Management Center, Powerprotect Data Protection

Dell

5 products

Apex Protection Storage

Emc Data Domain Os

Powerprotect Data Domain

Powerprotect Data Domain Management Center

Powerprotect Data Protection

Configuration A

12 vulnerable · 5 platform

Vulnerable Software	Affected Versions
Dell Apex Protection Storage	Before 6.2.1.110
Dell Apex Protection Storage	From 7.0 to 7.10.1.15
Dell Emc Data Domain Os	Before 6.2.1.110
Dell Emc Data Domain Os	From 7.0 to 7.12.0.0
Dell Emc Data Domain Os	From 7.7 to 7.7.5.25
Dell Emc Data Domain Os	From 7.10 to 7.10.1.15
Dell Powerprotect Data Domain	Before 6.2.1.110
Dell Powerprotect Data Domain	From 7.0 to 7.12.0.0
Dell Powerprotect Data Domain Management Center	Before 6.2.1.110
Dell Powerprotect Data Domain Management Center	From 7.0 to 7.13.0.10
Dell Powerprotect Data Domain Management Center	From 7.7 to 7.7.5.25
Dell Powerprotect Data Domain Management Center	From 7.10 to 7.10.1.15