Dell PowerProtect Data Domain OS Command Injection Vulnerability in DDSH CLI
Vulnerability
A command injection vulnerability has been identified in the Dell PowerProtect Data Domain operating system (DD OS) within the DDSH command-line interface. This vulnerability affects Feature Release versions 7.7.1.0 through 8.1.0.10, as well as LTS2024 release versions 7.13.1.0 through 7.13.1.25 and LTS2023 release versions 7.10.1.0 through 7.10.1.50. The vulnerability arises from improper neutralization of special elements used in operating system commands, allowing a high-privileged attacker with local access to execute arbitrary commands with root privileges.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of commands with root privileges, potentially allowing for significant system compromise.
Remediation
Users can upgrade to version 8.3.1.0, 8.4.0.0, or later for DD OS 8.3, or version 7.13.1.30 or later for DD OS 7.13.1. For DD OS 7.10.1, version 7.10.1.60 or later should be installed. Instructions for upgrading the Data Domain Operating System are available on the Dell Support website.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.