Name of the Vulnerable Software and Affected Versions:

Dell PowerProtect Data Domain versions 7.7.1.0 through 8.1.0.10

Dell PowerProtect Data Domain versions 7.13.1.0 through 7.13.1.25

Dell PowerProtect Data Domain versions 7.10.1.0 through 7.10.1.50

Description:

The Dell PowerProtect Data Domain contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

Recommendations:

Update to a version later than 8.1.0.10.

Update to a version later than 7.13.1.25.

Update to a version later than 7.10.1.50.