CVE-2023-44278: Path Traversal
First published: Thu Dec 14 2023(Updated: )
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Dell PowerProtect Data Protection | <2.7.6 | |
| Any of | ||
| Dell DP4400 | ||
| Dell DP5900 Firmware | ||
| All of | ||
| Any of | ||
| Dell Apex Protection Storage | <6.2.1.110 | |
| Dell Apex Protection Storage | >=7.0<7.10.1.15 | |
| Dell PowerProtect Data Domain Management Center | <6.2.1.110 | |
| Dell PowerProtect Data Domain Management Center | >=7.0<7.12.0.0 | |
| Dell PowerProtect Data Domain Management Center | <6.2.1.110 | |
| Dell PowerProtect Data Domain Management Center | >=7.0<7.13.0.10 | |
| EMC Data Domain Operating System | <6.2.1.110 | |
| EMC Data Domain Operating System | >=7.0<7.12.0.0 | |
| EMC Data Domain Operating System | >=7.7<7.7.5.25 | |
| EMC Data Domain Operating System | >=7.10<7.10.1.15 | |
| Dell PowerProtect Data Domain Management Center | >=7.7<7.7.5.25 | |
| Dell PowerProtect Data Domain Management Center | >=7.10<7.10.1.15 | |
| Any of | ||
| Dell DD3300 | ||
| Dell DD6400 | ||
| Dell DD6900 | ||
| Dell DD9400 | ||
| Dell Dd9900 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-44278?
CVE-2023-44278 is classified as a high severity vulnerability due to the potential for unprivileged access to sensitive OS files.
How do I fix CVE-2023-44278?
To fix CVE-2023-44278, upgrade to Dell PowerProtect versions 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, or 6.2.1.110 or later.
What causes the CVE-2023-44278 vulnerability?
CVE-2023-44278 is caused by a path traversal vulnerability that allows local high privileged attackers to access unauthorized files.
Which versions of Dell PowerProtect are affected by CVE-2023-44278?
Versions of Dell PowerProtect prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, and 6.2.1.110 are affected by CVE-2023-44278.
Who can exploit the CVE-2023-44278 vulnerability?
CVE-2023-44278 can be exploited by local high privileged attackers who have access to the system.
- agent/type
- agent/event
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/dell
- canonical/dell powerprotect data protection
- canonical/dell dp4400
- canonical/dell dp5900 firmware
- canonical/dell apex protection storage
- version/dell apex protection storage/7.0
- canonical/dell powerprotect data domain management center
- version/dell powerprotect data domain management center/7.0
- canonical/emc data domain operating system
- version/emc data domain operating system/7.0
- version/emc data domain operating system/7.7
- version/emc data domain operating system/7.10
- version/dell powerprotect data domain management center/7.7
- version/dell powerprotect data domain management center/7.10
- canonical/dell dd3300
- canonical/dell dd6400
- canonical/dell dd6900
- canonical/dell dd9400
- canonical/dell dd9900