Name of the Vulnerable Software and Affected Versions:

Dell PowerProtect Data Domain versions 7.7.1.0 through 8.1.0.10

Dell PowerProtect Data Domain versions 7.13.1.0 through 7.13.1.25

Dell PowerProtect Data Domain versions 7.10.1.0 through 7.10.1.50

Description:

The Dell PowerProtect Data Domain contains an Improper Neutralization of Special Elements used in an OS Command Injection vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Recommendations:

For versions 7.7.1.0 through 8.1.0.10, apply appropriate mitigations to prevent OS Command Injection within the DDSH CLI.

For versions 7.13.1.0 through 7.13.1.25, apply appropriate mitigations to prevent OS Command Injection within the DDSH CLI.

For versions 7.10.1.0 through 7.10.1.50, apply appropriate mitigations to prevent OS Command Injection within the DDSH CLI.