CVE-2023-44278 — Path Traversal in Dell Apex Protection Storage

CWE-22 — Path Traversal3 documents3 sources

Severity

6.7MEDIUMNVD

EPSS

0.1%

top 76.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Apex Protection Storage Dell EMC Data Domain OS Dell Powerprotect Data Domain +3 more

Timeline

PublishedDec 14

Description

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages6 packages

▶NVDdell/powerprotect_data_domain7.0 — 7.12.0.0+1

▶NVDdell/powerprotect_data_protection< 2.7.6

▶NVDdell/powerprotect_data_domain_management_center7.0 — 7.13.0.10+3

▶CVEListV5dell/powerprotect_ddVersions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110

▶NVDdell/emc_data_domain_os7.0 — 7.12.0.0+3

🔴Vulnerability Details

GHSA

GHSA-9gm2-f3j7-6vj6: Dell PowerProtect DD , versions prior to 7↗2023-12-14

▶

CVEList

CVE-2023-44278: Dell PowerProtect DD , versions prior to 7↗2023-12-14

▶