Path Traversal Vulnerability in Dell PowerProtect DD
CVE-2023-44278

6.7MEDIUM

Key Information:

Vendor: Dell
Status: PowerProtect DD
Vendor: CVE Published:; 14 December 2023

Summary

A path traversal vulnerability exists in Dell PowerProtect DD versions before 7.13.0.10, allowing a local attacker with high privileges to potentially exploit this flaw. By leveraging this vulnerability, the attacker could gain unauthorized read and write access to sensitive operating system files stored on the server filesystem, thereby compromising the integrity and confidentiality of the affected system's data.

Affected Version(s)

PowerProtect DD Versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110

References

https://www.dell.com/support/kbdoc/en-us/000220264/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2023
Vulnerability Reserved
Sep 28, 2023