Dell PowerProtect Data Domain Improper Privilege Management Vulnerability in iDRAC Allowing Unauthorized Access to Delete Operations

Vulnerability

A vulnerability has been identified in Dell PowerProtect Data Domain appliances, specifically in versions 7.7.1.0 prior to 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, and LTS2024 release versions 7.13.1.0 through 7.13.1.60. This vulnerability arises from improper privilege management in the integrated Dell Remote Access Controller (iDRAC). A high-privileged attacker with local access could exploit this vulnerability to elevate privileges and access unauthorized delete operations in iDRAC.

Impact

Exploitation of this vulnerability could lead to unauthorized access to delete operations in iDRAC, allowing for potential manipulation or removal of critical data or configurations.

Remediation

Users can upgrade to Dell PowerProtect Data Domain version 8.6.1.10, 8.7.0.0 or later, or, for the LTS2025 release, to version 8.3.1.30 or later. Instructions for upgrading the Data Domain Operating System are available on the Dell Support website.

Added: Apr 20, 2026, 5:30 PM
Updated: Apr 20, 2026, 5:30 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 0.6
exploitability: 3.0
remediation: 7.7
relevance: 6.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.