Command injection

2023-12-1416:15:00

PRIOn knowledge base

www.prio-n.com

dell powerprotect

os command injection

vulnerability

administrator cli

remote attacker

security restriction

system take over

nvd

7.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.1%

JSON

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker.

CPENameOperatorVersion
apex_protection_storagelt6.2.1.110
apex_protection_storagege7.0
apex_protection_storagelt7.10.1.15
emc_data_domain_oslt6.2.1.110
emc_data_domain_osge7.0
emc_data_domain_oslt7.12.0.0
emc_data_domain_osge7.7
emc_data_domain_oslt7.7.5.25
emc_data_domain_osge7.10
emc_data_domain_oslt7.10.1.15

Name	Operator	Version
apex_protection_storage	lt	6.2.1.110
apex_protection_storage	ge	7.0
apex_protection_storage	lt	7.10.1.15
emc_data_domain_os	lt	6.2.1.110
emc_data_domain_os	ge	7.0
emc_data_domain_os	lt	7.12.0.0
emc_data_domain_os	ge	7.7
emc_data_domain_os	lt	7.7.5.25
emc_data_domain_os	ge	7.10
emc_data_domain_os	lt	7.10.1.15