Impact
Dell PowerProtect Data Domain is affected by an incorrect authorization vulnerability (CWE-863). The flaw allows a high‑privileged local attacker to potentially execute arbitrary commands on the appliance. This could let the attacker modify system configuration, access sensitive data, or disrupt services. The description does not claim complete system compromise, only the possibility of unauthorized command execution.
Affected Systems
Affected releases include Dell PowerProtect Data Domain 7.7.1.0 through 8.7, LTS2026 release 8.6.1.0 through 8.6.1.10, LTS2025 release 8.3.1.0 through 8.3.1.30, and LTS2024 release 7.13.1.0 through 7.13.1.70. All appliances running these firmware versions are susceptible to the vulnerability.
Risk and Exploitability
The CVSS score of 4.2 places the vulnerability in the low‑severity range, and the EPSS score is not available. The flaw is not listed in CISA’s KEV catalog. Exploitation requires local access with high‑privilege rights; no remote attack vector is documented. The risk therefore comes only from users who have elevated local privileges on the appliance. Vulnerable devices should be considered at risk of unauthorized command execution wherever local high‑privileged accounts exist.