- Description
- Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. Exploitation requires an authenticated user to perform a specific action.
- Source
- security_alert@emc.com
- NVD status
- Analyzed
- Products
- powerprotect_dp_series_appliance, data_domain_operating_system
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security_alert@emc.com
- CWE-306
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:powerprotect_dp_series_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AD58029-9254-43B4-8CD0-3E5B90B3233B",
"versionEndExcluding": "2.7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC897776-0E86-478C-B120-1D5D89C2B488",
"versionEndExcluding": "7.13.1.70",
"versionStartIncluding": "7.7.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A28B7834-5B62-4CDE-B628-0BAC62AADD08",
"versionEndExcluding": "8.3.1.30",
"versionStartIncluding": "7.14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "749DB068-EDFA-402A-91EB-66575CA10EDD",
"versionEndExcluding": "8.6.1.0",
"versionStartIncluding": "8.4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]