Description
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
Published: 2026-04-17
Score: 6.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Dell PowerProtect Data Domain with Data Domain Operating System feature release versions 8.4 to 8.5 contains an improper authentication flaw that allows an attacker with high privileges and remote access to bypass authentication and gain unauthorized access to the system. The vulnerability is classified as a CWE‑287 authentication bypass, directly undermining confidentiality by permitting unauthenticated operations.

Affected Systems

Dell PowerProtect Data Domain running Data Domain Operating System versions 8.4 and 8.5.

Risk and Exploitability

The CVSS score of 6.6 indicates moderate severity. The EPSS score of <1% shows a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The CVE description notes that an attacker must have high privileges and remote access to exploit the flaw, implying that reachability through a network‑based management interface is required.

Generated by OpenCVE AI on May 5, 2026 at 17:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell security update in KB 000450699 to upgrade DD OS to a fixed version with the corrected authentication logic.
  • Restrict external access to the PowerProtect Data Domain by implementing firewall rules or VPN restrictions so that only trusted networks can reach the management interface.
  • Audit and monitor authentication logs for repeated failed attempts and unauthorized access events to detect potential exploitation early.

Generated by OpenCVE AI on May 5, 2026 at 17:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 05 May 2026 18:15:00 +0000

Type Values Removed Values Added
Title Improper Authentication in Dell PowerProtect Data Domain Allowing Unauthorized Remote Access

Tue, 05 May 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell data Domain Operating System
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*
Vendors & Products Dell data Domain Operating System

Sat, 18 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
Title Improper Authentication in Dell PowerProtect Data Domain Allowing Unauthorized Remote Access

Fri, 17 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 17 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell powerprotect Data Domain
Vendors & Products Dell
Dell powerprotect Data Domain

Fri, 17 Apr 2026 11:45:00 +0000

Type Values Removed Values Added
Description Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
Weaknesses CWE-287
References
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Dell Data Domain Operating System Powerprotect Data Domain
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-18T03:55:37.071Z

Reserved: 2025-04-25T05:03:51.784Z

Link: CVE-2025-46607

cve-icon Vulnrichment

Updated: 2026-04-17T14:04:35.018Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-17T12:16:32.087

Modified: 2026-05-05T14:51:16.537

Link: CVE-2025-46607

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-05T18:00:13Z

Weaknesses