ID

VAR-202312-2358


CVE

CVE-2023-48668


TITLE

Dell PowerProtect Data Domain Operating System Command Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-29348

DESCRIPTION

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker on a managed system of DDMC. Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware devices from Dell for data protection, backup, storage, and data deduplication.

Trust: 1.44

sources: NVD: CVE-2023-48668 // CNVD: CNVD-2024-29348

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-29348

AFFECTED PRODUCTS

vendor: dell
model: powerprotect data domain management center
scope: gte
version: 7.10

Trust: 1.0

vendor: dell
model: powerprotect data domain management center
scope: lt
version: 7.13.0.10

Trust: 1.0

vendor: dell
model: powerprotect data domain management center
scope: gte
version: 7.0

Trust: 1.0

vendor: dell
model: powerprotect data domain management center
scope: lt
version: 6.2.1.110

Trust: 1.0

vendor: dell
model: powerprotect data domain management center
scope: gte
version: 7.7

Trust: 1.0

vendor: dell
model: powerprotect data domain management center
scope: lt
version: 7.10.1.15

Trust: 1.0

vendor: dell
model: powerprotect data domain management center
scope: lt
version: 7.7.5.25

Trust: 1.0

vendor: dell
model: powerprotect dd
scope: eq
version: 6.2.1.110

Trust: 0.6

vendor: dell
model: powerprotect dd
scope: eq
version: 7.10.1.15

Trust: 0.6

vendor: dell
model: powerprotect dd
scope: eq
version: 7.7.5.25

Trust: 0.6

vendor: dell
model: powerprotect dd
scope: lt
version: 7.13.0.10

Trust: 0.6

sources: CNVD: CNVD-2024-29348 // NVD: CVE-2023-48668

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-48668
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2023-48668
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-29348
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-29348
severity: MEDIUM
baseScore: 6.5
vectorString: AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-48668
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2023-48668
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.5
impactScore: 6.0
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-29348 // NVD: CVE-2023-48668 // NVD: CVE-2023-48668

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

sources: NVD: CVE-2023-48668

PATCH

title: Patch for Dell PowerProtect Data Domain Operating System Command Injection Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/557271

Trust: 0.6

sources: CNVD: CNVD-2024-29348

EXTERNAL IDS

db: NVD
id: CVE-2023-48668

Trust: 1.6

db: CNVD
id: CNVD-2024-29348

Trust: 0.6

sources: CNVD: CNVD-2024-29348 // NVD: CVE-2023-48668

REFERENCES

url: https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2023-48668

Trust: 0.6

sources: CNVD: CNVD-2024-29348 // NVD: CVE-2023-48668

SOURCES

db: CNVD
id: CNVD-2024-29348

db: NVD
id: CVE-2023-48668

LAST UPDATE DATE

2024-08-14T15:41:26.561000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2024-29348
date: 2024-06-26T00:00:00

db: NVD
id: CVE-2023-48668
date: 2023-12-27T19:29:50.653

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2024-29348
date: 2024-06-21T00:00:00

db: NVD
id: CVE-2023-48668
date: 2023-12-14T16:15:50.257