var-202312-1037
Vulnerability from variot
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker
. Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware devices for data protection, backup, storage and deduplication from Dell (Dell).
Dell PowerProtect Data Domain has a command execution vulnerability, which is caused by the failure to properly filter special characters and commands in the administrator command line interface. Attackers can exploit this vulnerability to cause the system to be taken over by attackers
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-1037",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "emc data domain os",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.0"
},
{
"model": "powerprotect data domain",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.0"
},
{
"model": "powerprotect data domain management center",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.0"
},
{
"model": "powerprotect data domain",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.12.0.0"
},
{
"model": "powerprotect data domain management center",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.10.1.15"
},
{
"model": "emc data domain os",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.10.1.15"
},
{
"model": "emc data domain os",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.12.0.0"
},
{
"model": "powerprotect data domain management center",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.7.5.25"
},
{
"model": "powerprotect data domain management center",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.10"
},
{
"model": "apex protection storage",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.10.1.15"
},
{
"model": "emc data domain os",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.7.5.25"
},
{
"model": "emc data domain os",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.10"
},
{
"model": "powerprotect data protection",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.7.6"
},
{
"model": "powerprotect data domain management center",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.7"
},
{
"model": "emc data domain os",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.7"
},
{
"model": "powerprotect data domain management center",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.13.0.10"
},
{
"model": "powerprotect data domain management center",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.1.110"
},
{
"model": "emc data domain os",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.1.110"
},
{
"model": "powerprotect data domain",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.1.110"
},
{
"model": "apex protection storage",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.0"
},
{
"model": "apex protection storage",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.1.110"
},
{
"model": "powerprotect data domain",
"scope": "lt",
"trust": 0.6,
"vendor": "dell",
"version": "7.13.0.10"
},
{
"model": "powerprotect data domain \u003clts",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "7.7.5.25"
},
{
"model": "powerprotect data domain \u003clts",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "7.10.1.15"
},
{
"model": "powerprotect data domain",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "6.2.1.110"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-37425"
},
{
"db": "NVD",
"id": "CVE-2023-44279"
}
]
},
"cve": "CVE-2023-44279",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 2.5,
"id": "CNVD-2024-37425",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2023-44279",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-44279",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2023-44279",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2024-37425",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-37425"
},
{
"db": "NVD",
"id": "CVE-2023-44279"
},
{
"db": "NVD",
"id": "CVE-2023-44279"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nDell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker\n\n. Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware devices for data protection, backup, storage and deduplication from Dell (Dell). \n\nDell PowerProtect Data Domain has a command execution vulnerability, which is caused by the failure to properly filter special characters and commands in the administrator command line interface. Attackers can exploit this vulnerability to cause the system to be taken over by attackers",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44279"
},
{
"db": "CNVD",
"id": "CNVD-2024-37425"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-44279",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2024-37425",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-37425"
},
{
"db": "NVD",
"id": "CVE-2023-44279"
}
]
},
"id": "VAR-202312-1037",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-37425"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-37425"
}
]
},
"last_update_date": "2024-09-05T23:05:54.719000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Dell PowerProtect Data Domain Command Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/587581"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-37425"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44279"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44279"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-37425"
},
{
"db": "NVD",
"id": "CVE-2023-44279"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-37425"
},
{
"db": "NVD",
"id": "CVE-2023-44279"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-37425"
},
{
"date": "2023-12-14T16:15:46.017000",
"db": "NVD",
"id": "CVE-2023-44279"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-37425"
},
{
"date": "2023-12-27T19:32:06.713000",
"db": "NVD",
"id": "CVE-2023-44279"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell PowerProtect Data Domain Command Execution Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-37425"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…