CVE-2023-44277: OS Command Injection
First published: Thu Dec 14 2023(Updated: )
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Dell PowerProtect Data Protection | <2.7.6 | |
| Any of | ||
| Dell DP4400 | ||
| Dell DP5900 Firmware | ||
| All of | ||
| Any of | ||
| Dell Apex Protection Storage | <6.2.1.110 | |
| Dell Apex Protection Storage | >=7.0<7.10.1.15 | |
| Dell PowerProtect Data Domain Management Center | <6.2.1.110 | |
| Dell PowerProtect Data Domain Management Center | >=7.0<7.12.0.0 | |
| Dell PowerProtect Data Domain Management Center | <6.2.1.110 | |
| Dell PowerProtect Data Domain Management Center | >=7.0<7.13.0.10 | |
| EMC Data Domain Operating System | <6.2.1.110 | |
| EMC Data Domain Operating System | >=7.0<7.12.0.0 | |
| EMC Data Domain Operating System | >=7.7<7.7.5.25 | |
| EMC Data Domain Operating System | >=7.10<7.10.1.15 | |
| Dell PowerProtect Data Domain Management Center | >=7.7<7.7.5.25 | |
| Dell PowerProtect Data Domain Management Center | >=7.10<7.10.1.15 | |
| Any of | ||
| Dell DD3300 | ||
| Dell DD6400 | ||
| Dell DD6900 | ||
| Dell DD9400 | ||
| Dell Dd9900 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-44277?
CVE-2023-44277 is classified as a low severity OS command injection vulnerability.
How do I fix CVE-2023-44277?
To fix CVE-2023-44277, upgrade to Dell PowerProtect DD version 7.13.0.10 or later, or relevant LTS versions.
Who is affected by CVE-2023-44277?
CVE-2023-44277 affects users running Dell PowerProtect DD prior to version 7.13.0.10 and some other Dell storage products.
What could happen if CVE-2023-44277 is exploited?
If exploited, CVE-2023-44277 could allow a local low privileged attacker to execute arbitrary OS commands.
Is CVE-2023-44277 exploitable remotely?
No, CVE-2023-44277 is not remotely exploitable and requires local access to the affected systems.
- agent/weakness
- agent/type
- agent/event
- agent/first-publish-date
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/dell
- canonical/dell powerprotect data protection
- canonical/dell dp4400
- canonical/dell dp5900 firmware
- canonical/dell apex protection storage
- version/dell apex protection storage/7.0
- canonical/dell powerprotect data domain management center
- version/dell powerprotect data domain management center/7.0
- canonical/emc data domain operating system
- version/emc data domain operating system/7.0
- version/emc data domain operating system/7.7
- version/emc data domain operating system/7.10
- version/dell powerprotect data domain management center/7.7
- version/dell powerprotect data domain management center/7.10
- canonical/dell dd3300
- canonical/dell dd6400
- canonical/dell dd6900
- canonical/dell dd9400
- canonical/dell dd9900