Dell PowerProtect Data Domain BoostFS Insufficiently Protected Credentials Vulnerability

A vulnerability allowing credential exposure has been identified in Dell PowerProtect Data Domain BoostFS for client, specifically in Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, and LTS2024 release versions 7.13.1.0 through 7.13.1.50. This vulnerability could be exploited by a low privileged attacker with local access, potentially leading to the exposure of credentials. The exposed credentials might be used to access the system with the privileges of the compromised account.

Impact

Exploitation of this vulnerability could result in unauthorized access to the system, using the privileges of the exposed account.

Remediation

Users can upgrade to PowerProtect Data Domain BoostFS client versions 8.6.0.0 or later, or 8.3.1.30 or later for LTS2025, and 7.13.1.70 or later for LTS2024. Instructions for upgrading the Data Domain Operating System are available on the Dell Support website.