Details of VAR-202312-1037

ID

VAR-202312-1037

CVE

CVE-2023-44279

TITLE

Dell PowerProtect Data Domain Command Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-37425

DESCRIPTION

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker . Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware devices for data protection, backup, storage and deduplication from Dell (Dell). Dell PowerProtect Data Domain has a command execution vulnerability, which is caused by the failure to properly filter special characters and commands in the administrator command line interface. Attackers can exploit this vulnerability to cause the system to be taken over by attackers

Trust: 1.44

sources: NVD: CVE-2023-44279 // CNVD: CNVD-2024-37425

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-37425

AFFECTED PRODUCTS

vendor:	dell	model:	emc data domain os	scope:	gte	version:	7.0	Trust: 1.0
vendor:	dell	model:	powerprotect data domain	scope:	gte	version:	7.0	Trust: 1.0
vendor:	dell	model:	powerprotect data domain management center	scope:	gte	version:	7.0	Trust: 1.0
vendor:	dell	model:	powerprotect data domain	scope:	lt	version:	7.12.0.0	Trust: 1.0
vendor:	dell	model:	powerprotect data domain management center	scope:	lt	version:	7.10.1.15	Trust: 1.0
vendor:	dell	model:	emc data domain os	scope:	lt	version:	7.10.1.15	Trust: 1.0
vendor:	dell	model:	emc data domain os	scope:	lt	version:	7.12.0.0	Trust: 1.0
vendor:	dell	model:	powerprotect data domain management center	scope:	lt	version:	7.7.5.25	Trust: 1.0
vendor:	dell	model:	powerprotect data domain management center	scope:	gte	version:	7.10	Trust: 1.0
vendor:	dell	model:	apex protection storage	scope:	lt	version:	7.10.1.15	Trust: 1.0
vendor:	dell	model:	emc data domain os	scope:	lt	version:	7.7.5.25	Trust: 1.0
vendor:	dell	model:	emc data domain os	scope:	gte	version:	7.10	Trust: 1.0
vendor:	dell	model:	powerprotect data protection	scope:	lt	version:	2.7.6	Trust: 1.0
vendor:	dell	model:	powerprotect data domain management center	scope:	gte	version:	7.7	Trust: 1.0
vendor:	dell	model:	emc data domain os	scope:	gte	version:	7.7	Trust: 1.0
vendor:	dell	model:	powerprotect data domain management center	scope:	lt	version:	7.13.0.10	Trust: 1.0
vendor:	dell	model:	powerprotect data domain management center	scope:	lt	version:	6.2.1.110	Trust: 1.0
vendor:	dell	model:	emc data domain os	scope:	lt	version:	6.2.1.110	Trust: 1.0
vendor:	dell	model:	powerprotect data domain	scope:	lt	version:	6.2.1.110	Trust: 1.0
vendor:	dell	model:	apex protection storage	scope:	gte	version:	7.0	Trust: 1.0
vendor:	dell	model:	apex protection storage	scope:	lt	version:	6.2.1.110	Trust: 1.0
vendor:	dell	model:	powerprotect data domain	scope:	lt	version:	7.13.0.10	Trust: 0.6
vendor:	dell	model:	powerprotect data domain <lts	scope:	eq	version:	7.7.5.25	Trust: 0.6
vendor:	dell	model:	powerprotect data domain <lts	scope:	eq	version:	7.10.1.15	Trust: 0.6
vendor:	dell	model:	powerprotect data domain	scope:	eq	version:	6.2.1.110	Trust: 0.6

sources: CNVD: CNVD-2024-37425 // NVD: CVE-2023-44279

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-44279
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2023-44279
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2024-37425
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2024-37425
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	2.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-44279
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: CNVD: CNVD-2024-37425 // NVD: CVE-2023-44279 // NVD: CVE-2023-44279

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.0

sources: NVD: CVE-2023-44279

PATCH

title:

Patch for Dell PowerProtect Data Domain Command Execution Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/587581

Trust: 0.6

sources: CNVD: CNVD-2024-37425

EXTERNAL IDS

db:	NVD	id:	CVE-2023-44279	Trust: 1.6
db:	CNVD	id:	CNVD-2024-37425	Trust: 0.6

sources: CNVD: CNVD-2024-37425 // NVD: CVE-2023-44279

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2023-44279	Trust: 0.6

sources: CNVD: CNVD-2024-37425 // NVD: CVE-2023-44279

SOURCES

db:	CNVD	id:	CNVD-2024-37425
db:	NVD	id:	CVE-2023-44279

LAST UPDATE DATE

2024-09-05T23:05:54.719000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-37425	date:	2024-09-04T00:00:00
db:	NVD	id:	CVE-2023-44279	date:	2023-12-27T19:32:06.713

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-37425	date:	2024-09-04T00:00:00
db:	NVD	id:	CVE-2023-44279	date:	2023-12-14T16:15:46.017