Dell PowerProtect Data Domain Argument Injection Vulnerability Leading to Denial-of-Service

Vulnerability

An argument injection vulnerability (improper neutralization of argument delimiters in a command) has been identified in Dell PowerProtect Data Domain systems. The issue is present in the Data Domain Operating System (DD OS) across several release versions, including Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, and LTS2023 release versions 7.10.1.0 through 7.10.1.60. A low-privileged attacker with remote access could exploit the vulnerability, potentially leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition, disrupting the availability of the affected system.

Remediation

Users can upgrade to Dell PowerProtect Data Domain OS version 8.4.0.0 or later. For specific LTS versions, consult the Dell PowerProtect Data Domain Management Center support page for guidance.
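To triage a fleet against the ranges above, the following added example (not Dell's code and not part of the original advisory) classifies DD OS version strings. It assumes the first three version components identify an LTS train and that a trailing "-build" suffix may be present; hostnames and sample versions are constructed.

```python
import re

# Affected ranges copied from the advisory text; bounds are inclusive.
LTS_TRAINS = {
    (7, 10, 1): ("LTS2023", 0, 60),
    (7, 13, 1): ("LTS2024", 0, 30),
    (8, 3, 1): ("LTS2025", 0, 0),
}
FEATURE_LOW, FEATURE_HIGH = (7, 7, 1, 0), (8, 3, 0, 15)
FIXED_FROM = (8, 4, 0, 0)

def parse_version(text):
    """Parse 'a.b.c.d' (optional '-build' suffix, an assumption) into a tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-\d+)?", text.strip())
    if m is None:
        raise ValueError(f"unrecognised DD OS version: {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(text):
    """Return (status, detail) for one DD OS version string."""
    v = parse_version(text)
    if v >= FIXED_FROM:
        return ("fixed", "8.4.0.0 or later")
    # Match LTS trains first: 7.10.1.x and 7.13.1.x sit numerically inside the
    # feature-release range, so a plain range test would flag every LTS build.
    train = LTS_TRAINS.get(v[:3])
    if train is not None:
        name, low, high = train
        if low <= v[3] <= high:
            return ("affected", name)
        return ("check-lts", f"{name} build outside listed range")
    if FEATURE_LOW <= v <= FEATURE_HIGH:
        return ("affected", "feature release")
    return ("not-listed", "outside every range in the advisory")

def triage(inventory):
    """Map {hostname: version} to {hostname: status}; bad strings are flagged."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify(version)[0]
        except ValueError:
            result[host] = "unparseable"
    return result

# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE = {"dd-a": "7.13.1.30", "dd-b": "7.13.1.40", "dd-c": "8.3.0.15-1234567",
          "dd-d": "8.4.0.0", "dd-e": "8.3.1.0", "dd-f": "7.6.0.5", "dd-g": "n/a"}
print(triage(SAMPLE))
```

A "check-lts" result means the build is on an LTS train but outside the range listed here, so its status has to be confirmed against Dell's LTS guidance.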

Added: Oct 7, 2025, 7:26 PM
Updated: Oct 7, 2025, 7:26 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.