{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44278", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2023-09-28T09:25:45.713Z", "datePublished": "2023-12-14T15:17:01.213Z", "dateUpdated": "2024-08-02T19:59:51.937Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerProtect DD", "vendor": "Dell", "versions": [{"status": "affected", "version": "Versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 "}]}], "datePublic": "2023-12-13T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application. </span>\n\n"}], "value": "\nDell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application. \n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2023-12-14T15:17:01.213Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:51.937Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:powerprotect_data_protection:*:*:*:*:*:*:*:*", "matchCriteriaId": "3ECDF606-7EAF-4846-AE1F-4DDD6E4A0F9E", "versionEndExcluding": "2.7.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:dp4400:-:*:*:*:*:*:*:*", "matchCriteriaId": "4886295D-2A46-4AD3-8DC4-0FA212640C31", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:dp5900:-:*:*:*:*:*:*:*", "matchCriteriaId": "C5D3E6F9-70B2-4347-A58B-0868395D6193", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:dell:dd3300:-:*:*:*:*:*:*:*", "matchCriteriaId": "AA4D9616-4482-4173-9507-6B8EC15F3521", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:dd6400:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A81372F-E8DC-49AB-AC12-700F76D4C2C6", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:dd6900:-:*:*:*:*:*:*:*", "matchCriteriaId": "5525030D-2AA9-4AB6-8B15-D09214C1834E", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:dd9400:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C08E46D-6795-46DB-BA6C-548D7B8EBFA5", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:dd9900:-:*:*:*:*:*:*:*", "matchCriteriaId": "105F8F20-3EB3-49E7-82BE-3A5742EAA51E", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:dell:apex_protection_storage:*:*:*:*:*:*:*:*", "matchCriteriaId": "69E4E017-55A9-4E0F-A7EF-C4100B8AB1D7", "versionEndExcluding": "6.2.1.110", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:apex_protection_storage:*:*:*:*:*:*:*:*", "matchCriteriaId": "86944363-EB13-4C55-9B54-6416B7B6D8E1", "versionEndExcluding": "7.10.1.15", "versionStartIncluding": "7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:virtual:*:*:*", "matchCriteriaId": "E55E7C34-C4A4-4E91-A1A8-CEADB6423BB1", "versionEndExcluding": "6.2.1.110", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:virtual:*:*:*", "matchCriteriaId": "F0C53AB7-8C4F-4B92-A229-363D39A6CEDC", "versionEndExcluding": "7.12.0.0", "versionStartIncluding": "7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:powerprotect_data_domain_management_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "9540FB1D-8ACB-4697-9F64-0CC6EB81706E", "versionEndExcluding": "6.2.1.110", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:powerprotect_data_domain_management_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F4CE859-62A1-4DB5-B986-FC2943D66A5A", "versionEndExcluding": "7.13.0.10", "versionStartIncluding": "7.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF1B175C-0AF1-42C1-9F84-47BC260C3819", "versionEndExcluding": "6.2.1.110", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BD632A5-142D-4FA3-85FE-EAC079EFA8D8", "versionEndExcluding": "7.12.0.0", "versionStartIncluding": "7.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:lts2022:*:*:*", "matchCriteriaId": "BADA4FAB-B4E2-43D8-8BE6-960B333D8CB8", "versionEndExcluding": "7.7.5.25", "versionStartIncluding": "7.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:emc_data_domain_os:*:*:*:*:lts2023:*:*:*", "matchCriteriaId": "585FCF80-A59C-4070-9D7D-8B707983A6ED", "versionEndExcluding": "7.10.1.15", "versionStartIncluding": "7.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:powerprotect_data_domain_management_center:*:*:*:*:lts2022:*:*:*", "matchCriteriaId": "9D0424A4-BA46-4CF3-8704-CC894EF2B194", "versionEndExcluding": "7.7.5.25", "versionStartIncluding": "7.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:powerprotect_data_domain_management_center:*:*:*:*:lts2023:*:*:*", "matchCriteriaId": "EDE4E1BC-05DC-4B31-B0C1-97DBA2BE9CE9", "versionEndExcluding": "7.10.1.15", "versionStartIncluding": "7.10", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nDell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application. \n\n"}, {"lang": "es", "value": "Dell PowerProtect DD, versiones anteriores a 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contienen una vulnerabilidad de path traversal. Un atacante local con privilegios elevados podr\u00eda explotar esta vulnerabilidad para obtener acceso de lectura y escritura no autorizado a los archivos del sistema operativo almacenados en el sistema de archivos del servidor, con los privilegios de la aplicaci\u00f3n en ejecuci\u00f3n."}], "id": "CVE-2023-44278", "lastModified": "2023-12-27T19:32:20.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2023-12-14T16:15:45.490", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "security_alert@emc.com", "type": "Secondary"}]}

{}