HIGH✓ PATCH🇬🇧 English

CVE-2026-23774

CVSS 7.2v3.1pub. 2026-04-20upd. 2026-04-23

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Dell Data Domain Operating System

    OS
    Dell
    7.7.1.0 – 7.13.1.50 (bez)7.14.0.0 – 8.3.1.20 (bez)8.4.0.0 – 8.6.0.0 (bez)
  • Dell Powerprotect Dp Series Appliance

    APP
    Dell
    < 2.7.9
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2025-36594CRITICAL9.8PL ✓ten sam produkt

Authentication Bypass by Spoofing w Dell PowerProtect Data Domain DD OS

CVE-2026-26354HIGH8.1ten sam produkt

Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through...

CVE-2026-24504HIGH7.2ten sam produkt

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20,...

CVE-2026-24505HIGH7.2ten sam produkt

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A ...

CVE-2026-24506HIGH7.2ten sam produkt

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20,...