Dell PowerProtect Data Domain
Moderate fix6 remedies
cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:*:*:*
Moderate fix6 remedies
- >= 7.7.1.0, <= 8.1.0.10
- >= 7.13.1.0, <= 7.13.1.25
- >= 7.10.1.0, <= 7.10.1.50
Dell PowerProtect Data Domain OS Command Injection Vulnerability in DDSH CLI
Vulnerability
Patched
A command injection vulnerability has been identified in the Dell PowerProtect Data Domain operating system (DD OS) within the DDSH command-line interface. This vulnerability affects Feature Release versions 7.7.1.0 through 8.1.0.10, as well as LTS2024 release versions 7.13.1.0 through 7.13.1.25 and LTS2023 release versions 7.10.1.0 through 7.10.1.50. The issue arises from improper neutralization of special elements used in OS commands, allowing a high-privileged attacker with local access to execute arbitrary commands with root privileges.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of commands with root privileges, potentially allowing an attacker to compromise the system's integrity and security.
Remediation
Users can upgrade to version 8.3.0.10 or later, or version 7.13.1.30 or later. For instructions on how to upgrade the Data Domain Operating System, see the Dell Knowledge Base article 'How to Upgrade the Data Domain Operating System'.
Added: Aug 4, 2025, 3:28 PM
Updated: Aug 4, 2025, 3:28 PM
Vulnerability Rating
Custom Algorithm
spread
4.5impact
7.5exploitability
3.0remediation
7.7relevance
0.3threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.