Dell PowerProtect Data Domain
Easy fix8 remedies
cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:*:*:*
Easy fix8 remedies
- >= 7.7.1.0, <= 8.6
- >= 8.3.1.0, <= 8.3.1.20
- >= 7.13.1.0, <= 7.13.1.60
Dell PowerProtect Data Domain Missing Authentication Vulnerability Leading to Arbitrary Command Execution
Vulnerability
Patched
A vulnerability exists in Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6, as well as LTS2025 release versions 8.3.1.0 through 8.3.1.20 and LTS2024 release versions 7.13.1.0 through 7.13.1.60. This vulnerability involves missing authentication for critical functions, allowing an unauthenticated attacker with remote access to execute arbitrary commands with root privileges. Exploitation of this vulnerability requires an authenticated user to perform a specific action.
Impact
Exploitation of this vulnerability could lead to unauthorized arbitrary command execution with root privileges on the affected system.
Remediation
Users can upgrade to Dell PowerProtect Data Domain versions 8.6.1.10, 8.7.0.0 or later, or for LTS2025 versions, upgrade to 8.3.1.30 or later. For LTS2024, version 7.13.1.70 or later is recommended.
Added: Apr 20, 2026, 4:42 PM
Updated: Apr 20, 2026, 4:42 PM
Vulnerability Rating
Custom Algorithm
spread
4.5impact
7.5exploitability
5.8remediation
8.3relevance
6.3threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.