Home
MEDIUM: 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HDefault status
unaffected
Any version before 8.6.1.10, 8.7.0.1 or later
affected
Any version before 8.3.1.30 or later
affected
Any version before 7.13.1.70 or later
affected
Any version before 2.7.9 with DD OS 8.3.1.30
affected
Description
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of argument delimiters in a command ('argument injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
Problem types
CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Product status
Any version before 8.6.1.10, 8.7.0.1 or later
Any version before 8.3.1.30 or later
Any version before 7.13.1.70 or later
Any version before 2.7.9 with DD OS 8.3.1.30
References
www.dell.com/...protect-data-domain-multiple-vulnerabilities