Dell PowerProtect Data Domain
Moderate fix5 remedies
cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:*:*:*
Moderate fix5 remedies
- >= 7.7.1.0, <= 8.3.0.15
- 8.3.1.0
- >= 7.13.1.0, <= 7.13.1.30
- >= 7.10.1.0, <= 7.10.1.60
Dell PowerProtect Data Domain OS Command Injection Vulnerability Allowing Arbitrary Command Execution and Privilege Escalation
Vulnerability
Patched
A command injection vulnerability has been identified in Dell PowerProtect Data Domain systems running Data Domain Operating System (DD OS) versions 7.7.1.0 prior to 8.3.0.15, as well as specific LTS2025, LTS2024, and LTS2023 release versions. This vulnerability arises from improper neutralization of special elements used in operating system commands, allowing a high-privileged attacker with local access to execute arbitrary commands. Exploitation of this vulnerability could lead to unauthorized command execution with root privileges.
Impact
Successful exploitation allows arbitrary command execution with root privileges, potentially leading to unauthorized access or modification of system files and settings.
Remediation
Users can upgrade to Dell PowerProtect Data Domain OS versions 8.4.0.0 or later, or for specific LTS versions, consult the Dell PowerProtect Data Domain Management Center update instructions. For detailed guidance, refer to the Dell PowerProtect Data Domain Knowledge Base articles on upgrading the Data Domain Operating System.
Added: Oct 7, 2025, 7:03 PM
Updated: Oct 7, 2025, 7:03 PM
Vulnerability Rating
Custom Algorithm
spread
4.5impact
7.5exploitability
3.0remediation
7.7relevance
0.7threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.