CVE-2023-23692: OS Command Injection in Dell Data Domain

Severity: 8.8 HIGH (NVD)
EPSS: 3.7% (top 12.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 1

Description

Dell EMC prior to version DDOS 7.9 contains an OS command injection vulnerability. An authenticated non-admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | dell/data_domain | < 6.2.1.80 | +2
NVD | dell/emc_data_domain_os | 7.0.0.0 – 7.9.0.0 | +2

Vulnerability Details (2)

GHSA: GHSA-fj98-chjw-h559: Dell EMC prior to version DDOS 7 (2023-02-01)
CVEList: CVE-2023-23692: Dell EMC prior to version DDOS 7 (2023-02-01)