Dell PowerProtect Data Domain
Easy fix8 remedies
cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:*:*:*
Easy fix8 remedies
- >= 7.7.1.0, <= 8.6
- >= 8.3.1.0, <= 8.3.1.20
- >= 7.13.1.0, <= 7.13.1.60
Dell PowerProtect Data Domain OS Command Injection Vulnerability Allowing Arbitrary Command Execution as Root
Vulnerability
Patched
A command injection vulnerability has been identified in Dell PowerProtect Data Domain across several versions, including 7.7.1.0 through 8.6, LTS2025 release versions 8.3.1.0 through 8.3.1.20, and LTS2024 release versions 7.13.1.0 through 7.13.1.60. This vulnerability allows high-privileged attackers with remote access to execute arbitrary commands as the root user. The issue arises from improper input validation, enabling exploitation under specific conditions.
Impact
Exploitation of this vulnerability could lead to unauthorized root-level access on the affected system, allowing the attacker to execute arbitrary commands with full administrative privileges.
Remediation
Users can upgrade to Dell PowerProtect Data Domain versions 8.6.1.10, 8.7.0.0 or later, or for those on the LTS2025 release, version 8.3.1.30 or later. Instructions for upgrading the Data Domain Operating System are available on the Dell Support website.
Added: Apr 20, 2026, 5:51 PM
Updated: Apr 20, 2026, 5:51 PM
Vulnerability Rating
Custom Algorithm
spread
4.5impact
7.5exploitability
4.4remediation
8.3relevance
6.3threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.