Lucene search

[email protected]CVE-2023-44279

HistoryDec 14, 2023 - 4:15 p.m.

CVE-2023-44279

2023-12-1416:15:46

CWE-78

[email protected]

web.nvd.nist.gov

cve-2023-44279

dell powerprotect

os command injection

vulnerability

security restrictions

system takeover

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.8%

JSON

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker

Affected configurations

NVD

Node

dellpowerprotect_data_protectionRange<2.7.6

AND

delldp4400Match-

delldp5900Match-

Node

dellapex_protection_storageRange<6.2.1.110

dellapex_protection_storageRange7.0–7.10.1.15

dellpowerprotect_data_domainRange<6.2.1.110virtual

dellpowerprotect_data_domainRange7.0–7.12.0.0virtual

dellpowerprotect_data_domain_management_centerRange<6.2.1.110

dellpowerprotect_data_domain_management_centerRange7.0–7.13.0.10

dellemc_data_domain_osRange<6.2.1.110

dellemc_data_domain_osRange7.0–7.12.0.0

dellemc_data_domain_osRange7.7–7.7.5.25lts2022

dellemc_data_domain_osRange7.10–7.10.1.15lts2023

dellpowerprotect_data_domain_management_centerRange7.7–7.7.5.25lts2022

dellpowerprotect_data_domain_management_centerRange7.10–7.10.1.15lts2023

AND

delldd3300Match-

delldd6400Match-

delldd6900Match-

delldd9400Match-

delldd9900Match-

CPENameOperatorVersion
dell:powerprotect_data_protectiondell powerprotect data protectionlt2.7.6

CPE	Name	Operator	Version
dell:powerprotect_data_protection	dell powerprotect data protection	lt	2.7.6

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerProtect DD",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to 7.13.0.10,  LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.8%

JSON

Related for CVE-2023-44279

cvelist1 nvd1 prion1