Description
Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to credential exposure. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account.
Published: 2026-04-17
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Credential Exposure via insufficiently protected credentials
Action: Patch
AI Analysis

Impact

The vulnerability arises from credentials that are not adequately protected within Dell PowerProtect Data Domain BoostFS. A local attacker with low privileges can acquire these exposed credentials, subsequently using them to access the system with the full rights of the compromised account. The impact is therefore the potential loss of confidentiality, integrity, and availability of data and services governed by those credentials.

Affected Systems

Affected are Dell PowerProtect Data Domain BoostFS clients on Feature Release versions 7.7.1.0 through 8.5, LTS2025 release versions 8.3.1.0 through 8.3.1.20, and LTS2024 release versions 7.13.1.0 through 7.13.1.50. Only these specific releases contain the insufficiently protected credentials flaw.

Risk and Exploitability

With a CVSS score of 7.8, the vulnerability is considered high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, indicating no confirmed in-the-wild exploitation yet. The attack vector is local: a low-privileged attacker with local access to the system can exploit the weakness. The lack of a patch or mitigation at the time of reporting increases the risk that an attacker could leverage the exposed credentials to elevate privileges and compromise the system.

Generated by OpenCVE AI on April 17, 2026 at 11:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell DSA‑2026‑060 security update for PowerProtect Data Domain BoostFS to all affected releases
  • Restart the PowerProtect Data Domain services to ensure the update takes effect
  • Configure the system to enforce strong credential storage and management policies, such as password hashing and limited local access, as a temporary countermeasure until the vendor update is applied

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 11:45:00 +0000

Type | Values Removed | Values Added
Title | | Insufficiently Protected Credentials in Dell PowerProtect Data Domain BoostFS

Fri, 17 Apr 2026 09:00:00 +0000

Type | Values Removed | Values Added
Description | | Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to credential exposure. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account.
Weaknesses | | CWE-522
References | |
Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-17T08:12:17.696Z

Reserved: 2025-04-15T21:29:33.584Z

Link: CVE-2025-36568

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-17T09:16:05.000

Modified: 2026-04-17T15:07:18.050

Link: CVE-2025-36568

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T11:30:16Z

Weaknesses