CVE-2023-48667

7.2HIGH

Key Information:

Vendor: Dell
Status: PowerProtect DD
Vendor: CVE Published:; 14 December 2023

Summary

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker.

Affected Version(s)

PowerProtect DD Versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110

References

https://www.dell.com/support/kbdoc/en-us/000220264/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2023
Vulnerability Reserved
Nov 17, 2023

Collectors

NVD DatabaseMitre Database