CVE-2023-48668

Severity Score

6.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC.

Dell PowerProtect DD, versiones anteriores a 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 en DDMC contienen una vulnerabilidad de inyección de comandos del sistema operativo en una operación de administración. Un atacante local con privilegios elevados podría explotar esta vulnerabilidad, lo que llevaría a la ejecución de comandos arbitrarios del sistema operativo en el sistema operativo subyacente de la aplicación del sistema administrado con los privilegios de la aplicación vulnerable. La explotación puede llevar a que un atacante se apodere del sistema en un sistema administrado de DDMC.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-11-17 CVE Reserved
2023-12-14 CVE Published
2023-12-15 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities	2023-12-27

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Dell Search vendor "Dell"		Powerprotect Data Domain Management Center Search vendor "Dell" for product "Powerprotect Data Domain Management Center"				< 6.2.1.110 Search vendor "Dell" for product "Powerprotect Data Domain Management Center" and version " < 6.2.1.110"		-		Affected
Dell Search vendor "Dell"		Powerprotect Data Domain Management Center Search vendor "Dell" for product "Powerprotect Data Domain Management Center"				>= 7.0 < 7.13.0.10 Search vendor "Dell" for product "Powerprotect Data Domain Management Center" and version " >= 7.0 < 7.13.0.10"		-		Affected
Dell Search vendor "Dell"		Powerprotect Data Domain Management Center Search vendor "Dell" for product "Powerprotect Data Domain Management Center"				>= 7.7 < 7.7.5.25 Search vendor "Dell" for product "Powerprotect Data Domain Management Center" and version " >= 7.7 < 7.7.5.25"		lts2022		Affected
Dell Search vendor "Dell"		Powerprotect Data Domain Management Center Search vendor "Dell" for product "Powerprotect Data Domain Management Center"				>= 7.10 < 7.10.1.15 Search vendor "Dell" for product "Powerprotect Data Domain Management Center" and version " >= 7.10 < 7.10.1.15"		lts2023		Affected