Vulnerability Description
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Powerprotect Data Protection | < 2.7.6 |
| Dell | Dp4400 | - |
| Dell | Dp5900 | - |
| Dell | Apex Protection Storage | < 6.2.1.110 |
| Dell | Powerprotect Data Domain | < 6.2.1.110 |
| Dell | Powerprotect Data Domain Management Center | < 6.2.1.110 |
| Dell | Emc Data Domain Os | < 6.2.1.110 |
| Dell | Dd3300 | - |
| Dell | Dd6400 | - |
| Dell | Dd6900 | - |
| Dell | Dd9400 | - |
| Dell | Dd9900 | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologieVendor Advisory
- https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologieVendor Advisory
FAQ
What is CVE-2023-44277?
CVE-2023-44277 is a vulnerability with a CVSS score of 7.8 (HIGH). Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially e...
How severe is CVE-2023-44277?
CVE-2023-44277 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-44277?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Powerprotect Data Protection, Dell Dp4400, Dell Dp5900, Dell Apex Protection Storage, Dell Powerprotect Data Domain.