Dell PowerProtect Data Domain
Moderate fix8 remedies
cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:*:*:*
Moderate fix8 remedies
- >= 7.7.1.0, <= 8.7.0.0
- >= 8.3.1.0, <= 8.3.1.20
- >= 7.13.1.0, <= 7.13.1.60
Dell PowerProtect Data Domain Argument Injection Vulnerability Allowing Arbitrary Command Execution as Root
Vulnerability
Patched
A vulnerability has been identified in Dell PowerProtect Data Domain appliances running versions 7.7.1.0 through 8.7.0.0, as well as in LTS2025 release versions 8.3.1.0 through 8.3.1.20 and LTS2024 release versions 7.13.1.0 through 7.13.1.60. This vulnerability arises from improper neutralization of argument delimiters in a command, allowing for argument injection. A high-privileged attacker with local access could exploit this vulnerability to execute arbitrary commands with root privileges.
Impact
Exploitation of this vulnerability could lead to unauthorized arbitrary command execution with root privileges on the affected system.
Remediation
Users can upgrade to Dell PowerProtect Data Domain DD OS versions 8.6.1.10, 8.7.0.0 or later, or for LTS2025 release version 8.3.1.30 or later. Instructions for upgrading the Data Domain Operating System are available on the Dell Support website.
Added: Apr 17, 2026, 11:19 AM
Updated: Apr 17, 2026, 11:19 AM
Vulnerability Rating
Custom Algorithm
spread
4.5impact
7.5exploitability
3.0remediation
7.7relevance
5.8threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.