Description
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to the system.
Published: 2026-04-17
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Untrusted local attacker may gain unauthorized access due to weak credentials
Action: Immediate Patch
AI Analysis

Impact

Dell PowerProtect Data Domain products running the Data Domain Operating System in several release ranges contain a weak credential vulnerability. The flaw allows an unauthenticated attacker with local access to potentially authenticate and gain unauthorized access to the system. This can compromise confidentiality, integrity, and availability of the protected data.

Affected Systems

The issue affects Dell PowerProtect Data Domain systems with DD OS Feature Release versions 7.7.1.0 through 8.5, LTS2025 release versions 8.3.1.0 through 8.3.1.20, and LTS2024 release versions 7.13.1.0 through 7.13.1.50.

Risk and Exploitability

The vulnerability requires local or physically proximate access; an attacker does not need network credentials. Once local, the attacker can submit weak credentials to log in. The CVSS score of 8.4 indicates a high severity, but no EPSS data is available. Further, Dell has not listed this vulnerability in the CISA KEV catalog, which does not necessarily reflect exploitation likelihood.

Generated by OpenCVE AI on April 17, 2026 at 08:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Dell's security update DSA‑2026‑060 to update the DD OS on all affected PowerProtect Data Domain units.
  • Verify that all local accounts run strong, unique passwords and replace any default or weak passwords.
  • Restrict local console or SSH access to authorized administrators and enforce least‑privilege policies.

Generated by OpenCVE AI on April 17, 2026 at 08:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 17 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
Title Weak Credentials Allow Local Unauthorized Access in Dell PowerProtect Data Domain
First Time appeared Dell
Dell powerprotect Data Domain
Vendors & Products Dell
Dell powerprotect Data Domain

Fri, 17 Apr 2026 07:30:00 +0000

Type Values Removed Values Added
Description Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to the system.
Weaknesses CWE-1391
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Dell Powerprotect Data Domain
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-17T12:12:40.318Z

Reserved: 2026-01-16T18:05:07.318Z

Link: CVE-2026-23853

cve-icon Vulnrichment

Updated: 2026-04-17T12:12:34.073Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-17T08:16:16.900

Modified: 2026-04-17T15:13:15.930

Link: CVE-2026-23853

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T08:30:13Z

Weaknesses