CVE-2023-48668

Name of the Vulnerable Software and Affected Versions Dell PowerProtect DD versions prior to 7.13.0.10 Dell PowerProtect DD version 6.2.1.110 on DDMC Dell PowerProtect DD LTS versions prior to 7.7.5.25 Dell PowerProtect DD LTS versions prior to 7.10.1.15

Description The issue exists due to the lack of neutralization of special elements used in an operating system command. Exploitation of this issue may allow an attacker to execute arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application, potentially leading to a system takeover by an attacker on a managed system of DDMC. A local high-privileged attacker could potentially exploit this issue.

Recommendations For versions prior to 7.13.0.10, update to version 7.13.0.10 or later. For version 6.2.1.110 on DDMC, update to a version that is not affected by this issue. For LTS versions prior to 7.7.5.25, update to version 7.7.5.25 or later. For LTS versions prior to 7.10.1.15, update to version 7.10.1.15 or later.