OS Command Injection in Dell PowerProtect DD
CVE-2023-48668

8.2HIGH

Key Information:

Vendor: Dell
Status: PowerProtect DD
Vendor: CVE Published:; 14 December 2023

Summary

Dell PowerProtect DD contains an OS command injection vulnerability within its management operations. A local attacker with high privileges may exploit this issue to execute arbitrary OS commands on the underlying operating system of the managed application. Successful exploitation could allow the attacker to gain control over the managed environment, posing a significant risk to system integrity and data security.

Affected Version(s)

PowerProtect DD Versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110

References

https://www.dell.com/support/kbdoc/en-us/000220264/dsa-20...

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 14, 2023
Vulnerability Reserved
Nov 17, 2023