Lucene search

[email protected]CVE-2023-48667

HistoryDec 14, 2023 - 4:15 p.m.

CVE-2023-48667

2023-12-1416:15:50

CWE-78

[email protected]

web.nvd.nist.gov

cve-2023-48667

dell powerprotect dd

os command injection

security vulnerability

remote attacker

system takeover

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.1%

JSON

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker.

Affected configurations

NVD

Node

dellapex_protection_storageRange<6.2.1.110

dellapex_protection_storageRange7.0–7.10.1.15

dellpowerprotect_data_domainRange<6.2.1.110virtual

dellpowerprotect_data_domainRange7.0–7.12.0.0virtual

dellpowerprotect_data_domain_management_centerRange<6.2.1.110

dellpowerprotect_data_domain_management_centerRange7.0–7.13.0.10

dellemc_data_domain_osRange<6.2.1.110

dellemc_data_domain_osRange7.0–7.12.0.0

dellemc_data_domain_osRange7.7–7.7.5.25lts2022

dellemc_data_domain_osRange7.10–7.10.1.15lts2023

dellpowerprotect_data_domain_management_centerRange7.7–7.7.5.25lts2022

dellpowerprotect_data_domain_management_centerRange7.10–7.10.1.15lts2023

AND

delldd3300Match-

delldd6400Match-

delldd6900Match-

delldd9400Match-

delldd9900Match-

Node

dellpowerprotect_data_protectionRange<2.7.6

AND

delldp4400Match-

delldp5900Match-

CPENameOperatorVersion
dell:apex_protection_storagedell apex protection storagelt6.2.1.110
dell:apex_protection_storagedell apex protection storagelt7.10.1.15
dell:powerprotect_data_domaindell powerprotect data domainlt6.2.1.110
dell:powerprotect_data_domaindell powerprotect data domainlt7.12.0.0
dell:powerprotect_data_domain_management_centerdell powerprotect data domain management centerlt6.2.1.110
dell:powerprotect_data_domain_management_centerdell powerprotect data domain management centerlt7.13.0.10
dell:emc_data_domain_osdell emc data domain oslt6.2.1.110
dell:emc_data_domain_osdell emc data domain oslt7.12.0.0
dell:emc_data_domain_osdell emc data domain oslt7.7.5.25
dell:emc_data_domain_osdell emc data domain oslt7.10.1.15

CPE	Name	Operator	Version
dell:apex_protection_storage	dell apex protection storage	lt	6.2.1.110
dell:apex_protection_storage	dell apex protection storage	lt	7.10.1.15
dell:powerprotect_data_domain	dell powerprotect data domain	lt	6.2.1.110
dell:powerprotect_data_domain	dell powerprotect data domain	lt	7.12.0.0
dell:powerprotect_data_domain_management_center	dell powerprotect data domain management center	lt	6.2.1.110
dell:powerprotect_data_domain_management_center	dell powerprotect data domain management center	lt	7.13.0.10
dell:emc_data_domain_os	dell emc data domain os	lt	6.2.1.110
dell:emc_data_domain_os	dell emc data domain os	lt	7.12.0.0
dell:emc_data_domain_os	dell emc data domain os	lt	7.7.5.25
dell:emc_data_domain_os	dell emc data domain os	lt	7.10.1.15

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerProtect DD",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.1%

JSON

Related for CVE-2023-48667

nvd1 cvelist1 prion1