CVE-2023-48667

Name of the Vulnerable Software and Affected Versions Dell PowerProtect DD versions prior to 7.13.0.10 Dell PowerProtect DD LTS versions prior to 7.7.5.25 Dell PowerProtect DD LTS versions prior to 7.10.1.15 Dell PowerProtect DD version 6.2.1.110

Description The issue is an OS command injection vulnerability in the administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restrictions. Exploitation may lead to a system takeover by an attacker.

Recommendations For versions prior to 7.13.0.10, update to version 7.13.0.10 or later. For LTS versions prior to 7.7.5.25, update to version 7.7.5.25 or later. For LTS versions prior to 7.10.1.15, update to version 7.10.1.15 or later. For version 6.2.1.110, update to a version later than 6.2.1.110. As a temporary workaround, consider restricting access to the administrator CLI until a patch is available.