CVE-2023-44277

Name of the Vulnerable Software and Affected Versions Dell PowerProtect DD versions prior to 7.13.0.10 Dell PowerProtect DD LTS versions prior to 7.7.5.25 Dell PowerProtect DD LTS versions prior to 7.10.1.15 Dell PowerProtect DD version 6.2.1.110

Description The issue concerns an OS command injection vulnerability in the CLI of Dell PowerProtect DD. A local low-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.

Recommendations For versions prior to 7.13.0.10, update to version 7.13.0.10 or later. For LTS versions prior to 7.7.5.25, update to version 7.7.5.25 or later. For LTS versions prior to 7.10.1.15, update to version 7.10.1.15 or later. For version 6.2.1.110, update to a version later than 6.2.1.110. As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation.