var-202312-1363
Vulnerability from variot
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application. Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware devices for data protection, backup, storage and deduplication from Dell (Dell) in the United States.
Dell PowerProtect Data Domain has a path traversal vulnerability, which is caused by the program failing to properly filter special elements in the resource or file path. Attackers can exploit this vulnerability to retrieve arbitrary files from the underlying file system through specially crafted web requests
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-1363",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "emc data domain os",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.0"
},
{
"model": "powerprotect data domain",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.0"
},
{
"model": "powerprotect data domain management center",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.0"
},
{
"model": "powerprotect data domain",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.12.0.0"
},
{
"model": "powerprotect data domain management center",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.10.1.15"
},
{
"model": "emc data domain os",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.10.1.15"
},
{
"model": "emc data domain os",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.12.0.0"
},
{
"model": "powerprotect data domain management center",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.7.5.25"
},
{
"model": "powerprotect data domain management center",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.10"
},
{
"model": "apex protection storage",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.10.1.15"
},
{
"model": "emc data domain os",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.7.5.25"
},
{
"model": "emc data domain os",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.10"
},
{
"model": "powerprotect data protection",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.7.6"
},
{
"model": "powerprotect data domain management center",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.7"
},
{
"model": "emc data domain os",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.7"
},
{
"model": "powerprotect data domain management center",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.13.0.10"
},
{
"model": "powerprotect data domain management center",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.1.110"
},
{
"model": "emc data domain os",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.1.110"
},
{
"model": "powerprotect data domain",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.1.110"
},
{
"model": "apex protection storage",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.0"
},
{
"model": "apex protection storage",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.1.110"
},
{
"model": "powerprotect data domain",
"scope": "lt",
"trust": 0.6,
"vendor": "dell",
"version": "7.13.0.10"
},
{
"model": "powerprotect data domain \u003clts",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "7.7.5.25"
},
{
"model": "powerprotect data domain \u003clts",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "7.10.1.15"
},
{
"model": "powerprotect data domain",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "6.2.1.110"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46268"
},
{
"db": "NVD",
"id": "CVE-2023-44278"
}
]
},
"cve": "CVE-2023-44278",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 2.5,
"id": "CNVD-2024-46268",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2023-44278",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-44278",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2023-44278",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2024-46268",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46268"
},
{
"db": "NVD",
"id": "CVE-2023-44278"
},
{
"db": "NVD",
"id": "CVE-2023-44278"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nDell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application. Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware devices for data protection, backup, storage and deduplication from Dell (Dell) in the United States. \n\nDell PowerProtect Data Domain has a path traversal vulnerability, which is caused by the program failing to properly filter special elements in the resource or file path. Attackers can exploit this vulnerability to retrieve arbitrary files from the underlying file system through specially crafted web requests",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44278"
},
{
"db": "CNVD",
"id": "CNVD-2024-46268"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-44278",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2024-46268",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46268"
},
{
"db": "NVD",
"id": "CVE-2023-44278"
}
]
},
"id": "VAR-202312-1363",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46268"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46268"
}
]
},
"last_update_date": "2024-11-28T23:04:43.276000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Dell PowerProtect Data Domain Path Traversal Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/618186"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46268"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44278"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44278"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46268"
},
{
"db": "NVD",
"id": "CVE-2023-44278"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-46268"
},
{
"db": "NVD",
"id": "CVE-2023-44278"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-46268"
},
{
"date": "2023-12-14T16:15:45.490000",
"db": "NVD",
"id": "CVE-2023-44278"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-46268"
},
{
"date": "2023-12-27T19:32:20.107000",
"db": "NVD",
"id": "CVE-2023-44278"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell PowerProtect Data Domain Path Traversal Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46268"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…