CVE-2024-37140: OS Command Injection
First published: Wed Jun 26 2024(Updated: )
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell Data Domain Operating System | <7.7.5.40 | |
| Dell Data Domain Operating System | >=7.8.0.0<7.10.1.30 | |
| Dell Data Domain Operating System | >=7.11.0.0<7.13.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- agent/references
- agent/weakness
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/dell
- canonical/dell data domain operating system
- version/dell data domain operating system/7.8.0.0
- version/dell data domain operating system/7.11.0.0