CVE-2023-48668

HIGH

Dell PowerProtect Data Domain Management Center < 6.2.1.110 - OS Command Injection

Title source: rule

Description

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker on a managed system of DDMC.

Scores

CVSS v3 8.2
EPSS 0.0004
EPSS Percentile 11.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (3)
dell/powerprotect_data_domain_management_center < 6.2.1.110
dell/powerprotect_data_domain_management_center 7.10 - 7.10.1.15
dell/powerprotect_data_domain_management_center 7.7 - 7.7.5.25
Published Dec 14, 2023
Tracked Since Feb 18, 2026