Multiple Flaws in Dell PowerProtect Products Let Attackers Execute OS Commands

by Esmeralda McKenzie

Multiple vulnerabilities have been found in Dell's PowerProtect products, involving SQL injection, cross-site scripting (XSS), privilege escalation, OS command injection, and path traversal. The severity of these vulnerabilities ranges from 4.3 (Medium) to 8.8 (High).

CVEs have been assigned to all of these vulnerabilities. Among those found in Dell PowerProtect, CVE-2023-44286, a cross-site scripting flaw, has the highest severity (8.8), and CVE-2023-44284 has the lowest (4.3).


Multiple Flaws in Dell PowerProtect Products

In all, 8 vulnerabilities were disclosed: 4 OS command injections, 1 path traversal, 1 SQL injection, 1 cross-site scripting (XSS), and 1 privilege escalation. These vulnerabilities exist in Dell PowerProtect DD versions prior to 7.13.0.10, LTS 7.7.5.5, LTS 7.10.1.15, and 6.2.1.1110.

OS Command Injection

CVE-2023-48668 (8.8), CVE-2023-44277 (7.8), CVE-2023-48667 (7.2), and CVE-2023-44279 (6.7) are OS command injection vulnerabilities, which a threat actor could exploit to execute arbitrary OS commands or bypass security restrictions.

A threat actor could potentially exploit some of these vulnerabilities to carry out various activities, such as taking over the system or executing OS commands with the privileges of the vulnerable application.

Path Traversal

CVE-2023-44278 is a path traversal vulnerability, which threat actors can exploit to gain unauthorized read and write access to OS files stored on the server filesystem. The severity of this vulnerability is given as 6.7 (Medium).

SQL Injection

CVE-2023-44284 is an SQL injection vulnerability, which a threat actor could exploit to execute SQL commands against the application's backend database, resulting in unauthorized read access to application data. The severity of this vulnerability has been given as 4.3 (Low).

Cross-Site Scripting (XSS)

CVE-2023-44286 is a cross-site scripting vulnerability, which a threat actor can potentially exploit to execute JavaScript code in the DOM environment of a victim user's browser.

Successful exploitation could lead to information disclosure, session theft, or client-side request forgery. The severity of this vulnerability has been given as 8.8 (High).

Privilege Escalation

CVE-2023-44285 is a privilege escalation vulnerability, which a low-privileged threat actor can exploit to escalate their privileges as a result of improper access control. The severity of this vulnerability has been given as 7.8 (High).

Affected Products & Remediation

CVEs addressed: CVE-2023-44286, CVE-2023-44285, CVE-2023-44277, CVE-2023-48667, CVE-2023-44279, CVE-2023-44278, CVE-2023-44284
Product: Dell PowerProtect DD series appliances; Dell PowerProtect DD Virtual Edition; Dell APEX Protection Storage
Affected versions: 7.0 to 7.12.0.0
Remediated versions: 7.13.0.10 and above, or 7.10.1.15 and above to stay on LTS2023 7.10, or 7.7.5.25 and above to stay on LTS2022 7.7
Affected versions: 6.2.1.100 and below
Remediated versions: 6.2.1.110 and above

CVEs addressed: CVE-2023-44286, CVE-2023-48668, CVE-2023-44285, CVE-2023-44277, CVE-2023-48667, CVE-2023-44279, CVE-2023-44278
Product: Dell PowerProtect DD Management Center
Affected versions: 7.0 to 7.12.0.0
Remediated versions: 7.13.0.10 and above, or 7.10.1.15 and above to stay on LTS2023 7.10, or 7.7.5.25 and above to stay on LTS2022 7.7
Affected versions: 6.2.1.100 and below
Remediated versions: 6.2.1.110 and above

CVEs addressed: CVE-2023-44286, CVE-2023-44285, CVE-2023-44277, CVE-2023-48667, CVE-2023-44279, CVE-2023-44278, CVE-2023-44284
Product: PowerProtect DP Series Appliance (IDPA): all models
Affected versions: 2.7.4 and below
Remediated versions: 2.7.6 and above

CVEs addressed: CVE-2023-44284
Product: PowerProtect Data Manager Appliance, model DM5500
Affected versions: 5.14 and below
Remediated versions: 5.15.0.0 and above

CVEs addressed: CVE-2023-44286, CVE-2023-44285, CVE-2023-44277, CVE-2023-48667, CVE-2023-44279, CVE-2023-44278, CVE-2023-44284
Product: Dell PowerProtect DD series appliances and Dell PowerProtect DD Virtual Edition used in the Disk Library for Mainframe (DLm) environment
Affected versions: 7.0 to 7.12.0.0
Remediated versions: 7.13.0.10 and above, or 7.10.1.15 and above to stay on LTS2023 7.10, or 7.7.5.25 and above to stay on LTS2022 7.7
Affected versions: 6.2.1.100 and below
Remediated versions: 6.2.1.110 and above

In addition, the security advisory published by Dell provides detailed information about these vulnerabilities, including their CVSS vectors and other details.
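To turn the remediation table above into something that can be run over an appliance inventory, the following Python script is added here as an example; it is not Dell's tooling and not part of the original article. The version thresholds are transcribed from the table as reported in this article; the product keys ("dd", "idpa", "dm5500"), the "not listed" status and the sample inventory are this example's own assumptions. It goes slightly beyond the table by handling the two DD LTS branches, by treating "X and below" as covering the whole X.* series, and by refusing to call a build "remediated" when it falls in the gap between the last affected and the first remediated version (for example 6.2.1.105).

```python
"""Check installed Dell PowerProtect versions against the advisory's remediation table.

Added example, not Dell's tooling. Thresholds are transcribed from the table
reported above; product keys and the 'not listed' status are this script's own.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '7.10.1.15' into (7, 10, 1, 15); rejects anything non-numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def vcmp(a: Version, b: Version) -> int:
    """Compare two versions; shorter tuples are zero-padded, so 7.13 == 7.13.0.0."""
    n = max(len(a), len(b))
    a_pad = a + (0,) * (n - len(a))
    b_pad = b + (0,) * (n - len(b))
    return (a_pad > b_pad) - (a_pad < b_pad)


def fmt(v: Version) -> str:
    return ".".join(str(p) for p in v)


# One rule per table row: (release-train prefix, lowest affected, highest
# affected, first remediated). Rules are tried in order and the first prefix
# that matches the installed version decides, so the DD 7.x LTS branches come
# before the generic 7.x row. An empty prefix or bound matches anything.
Rule = Tuple[Version, Version, Version, Version]
RULES: Dict[str, List[Rule]] = {
    # DD series appliances, DD Virtual Edition, APEX Protection Storage,
    # DD Management Center and DLm-hosted DD all share these version rows.
    "dd": [
        ((7, 7), (7, 0), (7, 12, 0, 0), (7, 7, 5, 25)),    # stay on LTS2022 7.7
        ((7, 10), (7, 0), (7, 12, 0, 0), (7, 10, 1, 15)),  # stay on LTS2023 7.10
        ((6,), (), (6, 2, 1, 100), (6, 2, 1, 110)),
        ((), (7, 0), (7, 12, 0, 0), (7, 13, 0, 10)),       # any other 7.x
    ],
    "idpa": [((), (), (2, 7, 4), (2, 7, 6))],       # PowerProtect DP Series (IDPA)
    "dm5500": [((), (), (5, 14), (5, 15, 0, 0))],   # Data Manager Appliance DM5500
}


def status(product: str, version: str) -> Tuple[str, Optional[str]]:
    """Return (status, recommended version).

    status is 'remediated', 'affected' or 'not listed'. 'not listed' covers
    builds between the last affected and first remediated values (e.g.
    6.2.1.105) or outside every row; check those against Dell's advisory by
    hand rather than assuming they are safe.
    """
    v = parse_version(version)
    for train, low, high, fixed in RULES[product]:
        if v[: len(train)] != train:
            continue
        if vcmp(v, fixed) >= 0:
            return "remediated", None
        # 'X and below' in the table covers the whole X.* series, so the upper
        # bound is compared against only as many components as it has.
        if vcmp(v, low) >= 0 and vcmp(v[: len(high)], high) <= 0:
            return "affected", fmt(fixed)
        return "not listed", None
    return "not listed", None


def audit(inventory: Dict[str, Tuple[str, str]]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Run status() over an inventory of {hostname: (product, version)}."""
    return {host: status(prod, ver) for host, (prod, ver) in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "dd-prod-01": ("dd", "7.12.0.0"),
        "dd-lts-02": ("dd", "7.7.4.0"),
        "dd-lts-03": ("dd", "7.10.1.15"),
        "dd-old-04": ("dd", "6.2.1.105"),
        "idpa-05": ("idpa", "2.7.4"),
        "dm-06": ("dm5500", "5.14.2"),
    }
    for host, (state, target) in audit(sample).items():
        hint = f"-> upgrade to {target}" if target else ""
        print(f"{host:12} {state:10} {hint}")
```

The recommended target is the first remediated build on the same train the host already runs, so a 7.7 LTS host is pointed at 7.7.5.25 rather than 7.13.0.10; a host whose version the table does not cover is flagged rather than silently passed.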

Source credit : cybersecuritynews.com
