CVE-2023-44291

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Manager DM5500 version 5.14.0.0

Description The issue exists due to the lack of neutralization of special elements used in an operating system command. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.

Recommendations For version 5.14.0.0, consider disabling the PPOE component as a temporary workaround until a patch is available. Restrict access to the vulnerable application to minimize the risk of exploitation. Avoid using the vulnerable component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.