Lucene search

[email protected]CVE-2023-44285

HistoryDec 14, 2023 - 4:15 p.m.

CVE-2023-44285

2023-12-1416:15:47

CWE-1220

[email protected]

web.nvd.nist.gov

cve-2023-44285

dell powerprotect

access control vulnerability

privilege escalation

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.

Affected configurations

NVD

Node

dellpowerprotect_data_protectionRange<2.7.6

AND

delldp4400Match-

delldp5900Match-

Node

dellapex_protection_storageRange<6.2.1.110

dellapex_protection_storageRange7.0–7.10.1.15

dellpowerprotect_data_domainRange<6.2.1.110virtual

dellpowerprotect_data_domainRange7.0–7.12.0.0virtual

dellpowerprotect_data_domain_management_centerRange<6.2.1.110

dellpowerprotect_data_domain_management_centerRange7.0–7.13.0.10

dellemc_data_domain_osRange<6.2.1.110

dellemc_data_domain_osRange7.0–7.12.0.0

dellemc_data_domain_osRange7.7–7.7.5.25lts2022

dellemc_data_domain_osRange7.10–7.10.1.15lts2023

dellpowerprotect_data_domain_management_centerRange7.7–7.7.5.25lts2022

dellpowerprotect_data_domain_management_centerRange7.10–7.10.1.15lts2023

AND

delldd3300Match-

delldd6400Match-

delldd6900Match-

delldd9400Match-

delldd9900Match-

CPENameOperatorVersion
dell:powerprotect_data_protectiondell powerprotect data protectionlt2.7.6

CPE	Name	Operator	Version
dell:powerprotect_data_protection	dell powerprotect data protection	lt	2.7.6

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerProtect DD",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-44285

cnvd1 cvelist1 nvd1 prion1