Lucene search

[email protected]NVD:CVE-2023-48667

HistoryDec 14, 2023 - 4:15 p.m.

CVE-2023-48667

2023-12-1416:15:50

CWE-78

[email protected]

web.nvd.nist.gov

dell powerprotect

command injection

remote attack

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

22.9%

JSON

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker.

Affected configurations

Nvd

Node

dellapex_protection_storageRange<6.2.1.110

dellapex_protection_storageRange7.0–7.10.1.15

dellpowerprotect_data_domainRange<6.2.1.110virtual

dellpowerprotect_data_domainRange7.0–7.12.0.0virtual

dellpowerprotect_data_domain_management_centerRange<6.2.1.110

dellpowerprotect_data_domain_management_centerRange7.0–7.13.0.10

dellemc_data_domain_osRange<6.2.1.110

dellemc_data_domain_osRange7.0–7.12.0.0

dellemc_data_domain_osRange7.7–7.7.5.25lts2022

dellemc_data_domain_osRange7.10–7.10.1.15lts2023

dellpowerprotect_data_domain_management_centerRange7.7–7.7.5.25lts2022

dellpowerprotect_data_domain_management_centerRange7.10–7.10.1.15lts2023

AND

delldd3300Match-

delldd6400Match-

delldd6900Match-

delldd9400Match-

delldd9900Match-

Node

dellpowerprotect_data_protectionRange<2.7.6

AND

delldp4400Match-

delldp5900Match-

VendorProductVersionCPE
dellapex_protection_storage*cpe:2.3:a:dell:apex_protection_storage:*:*:*:*:*:*:*:*
dellpowerprotect_data_domain*cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:virtual:*:*:*
dellpowerprotect_data_domain_management_center*cpe:2.3:a:dell:powerprotect_data_domain_management_center:*:*:*:*:*:*:*:*
dellemc_data_domain_os*cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:*:*:*:*
dellemc_data_domain_os*cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:lts2022:*:*:*
dellemc_data_domain_os*cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:lts2023:*:*:*
dellpowerprotect_data_domain_management_center*cpe:2.3:o:dell:powerprotect_data_domain_management_center:*:*:*:*:lts2022:*:*:*
dellpowerprotect_data_domain_management_center*cpe:2.3:o:dell:powerprotect_data_domain_management_center:*:*:*:*:lts2023:*:*:*
delldd3300-cpe:2.3:h:dell:dd3300:-:*:*:*:*:*:*:*
delldd6400-cpe:2.3:h:dell:dd6400:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	apex_protection_storage	*	cpe:2.3:a:dell:apex_protection_storage::::::::
dell	powerprotect_data_domain	*	cpe:2.3:a:dell:powerprotect_data_domain:::::virtual:::*
dell	powerprotect_data_domain_management_center	*	cpe:2.3:a:dell:powerprotect_data_domain_management_center::::::::
dell	emc_data_domain_os	*	cpe:2.3:o:dell:emc_data_domain_os::::::::
dell	emc_data_domain_os	*	cpe:2.3:o:dell:emc_data_domain_os:::::lts2022:::*
dell	emc_data_domain_os	*	cpe:2.3:o:dell:emc_data_domain_os:::::lts2023:::*
dell	powerprotect_data_domain_management_center	*	cpe:2.3:o:dell:powerprotect_data_domain_management_center:::::lts2022:::*
dell	powerprotect_data_domain_management_center	*	cpe:2.3:o:dell:powerprotect_data_domain_management_center:::::lts2023:::*
dell	dd3300	-	cpe:2.3:h:dell:dd3300:-:::::::*
dell	dd6400	-	cpe:2.3:h:dell:dd6400:-:::::::*

Rows per page:

1-10 of 161

References

www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

22.9%

JSON

Related for NVD:CVE-2023-48667

cvelist1 cve1 prion1