CVE-2023-48668: OS Command Injection
First published: Thu Dec 14 2023(Updated: )
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell Powerprotect Data Domain Management Center | <6.2.1.110 | |
| Dell Powerprotect Data Domain Management Center | >=7.0<7.13.0.10 | |
| Dell Powerprotect Data Domain Management Center | >=7.7<7.7.5.25 | |
| Dell Powerprotect Data Domain Management Center | >=7.10<7.10.1.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- agent/weakness
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/dell
- canonical/dell powerprotect data domain management center
- version/dell powerprotect data domain management center/7.0
- version/dell powerprotect data domain management center/7.7
- version/dell powerprotect data domain management center/7.10