VAR-202312-1363
Vulnerability from variot - Updated: 2024-11-28 23:04Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application. Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware devices for data protection, backup, storage and deduplication from Dell (Dell) in the United States.
Dell PowerProtect Data Domain has a path traversal vulnerability, which is caused by the program failing to properly filter special elements in the resource or file path. Attackers can exploit this vulnerability to retrieve arbitrary files from the underlying file system through specially crafted web requests
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202312-1363",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "emc data domain os",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.0"
},
{
"model": "powerprotect data domain",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.0"
},
{
"model": "powerprotect data domain management center",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.0"
},
{
"model": "powerprotect data domain",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.12.0.0"
},
{
"model": "powerprotect data domain management center",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.10.1.15"
},
{
"model": "emc data domain os",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.10.1.15"
},
{
"model": "emc data domain os",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.12.0.0"
},
{
"model": "powerprotect data domain management center",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.7.5.25"
},
{
"model": "powerprotect data domain management center",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.10"
},
{
"model": "apex protection storage",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.10.1.15"
},
{
"model": "emc data domain os",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.7.5.25"
},
{
"model": "emc data domain os",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.10"
},
{
"model": "powerprotect data protection",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.7.6"
},
{
"model": "powerprotect data domain management center",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.7"
},
{
"model": "emc data domain os",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.7"
},
{
"model": "powerprotect data domain management center",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "7.13.0.10"
},
{
"model": "powerprotect data domain management center",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.1.110"
},
{
"model": "emc data domain os",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.1.110"
},
{
"model": "powerprotect data domain",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.1.110"
},
{
"model": "apex protection storage",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "7.0"
},
{
"model": "apex protection storage",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "6.2.1.110"
},
{
"model": "powerprotect data domain",
"scope": "lt",
"trust": 0.6,
"vendor": "dell",
"version": "7.13.0.10"
},
{
"model": "powerprotect data domain \u003clts",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "7.7.5.25"
},
{
"model": "powerprotect data domain \u003clts",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "7.10.1.15"
},
{
"model": "powerprotect data domain",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "6.2.1.110"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46268"
},
{
"db": "NVD",
"id": "CVE-2023-44278"
}
]
},
"cve": "CVE-2023-44278",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 2.5,
"id": "CNVD-2024-46268",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2023-44278",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-44278",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2023-44278",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2024-46268",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46268"
},
{
"db": "NVD",
"id": "CVE-2023-44278"
},
{
"db": "NVD",
"id": "CVE-2023-44278"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nDell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application. Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware devices for data protection, backup, storage and deduplication from Dell (Dell) in the United States. \n\nDell PowerProtect Data Domain has a path traversal vulnerability, which is caused by the program failing to properly filter special elements in the resource or file path. Attackers can exploit this vulnerability to retrieve arbitrary files from the underlying file system through specially crafted web requests",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44278"
},
{
"db": "CNVD",
"id": "CNVD-2024-46268"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-44278",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2024-46268",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46268"
},
{
"db": "NVD",
"id": "CVE-2023-44278"
}
]
},
"id": "VAR-202312-1363",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46268"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46268"
}
]
},
"last_update_date": "2024-11-28T23:04:43.276000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Dell PowerProtect Data Domain Path Traversal Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/618186"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46268"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44278"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44278"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46268"
},
{
"db": "NVD",
"id": "CVE-2023-44278"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-46268"
},
{
"db": "NVD",
"id": "CVE-2023-44278"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-46268"
},
{
"date": "2023-12-14T16:15:45.490000",
"db": "NVD",
"id": "CVE-2023-44278"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-46268"
},
{
"date": "2023-12-27T19:32:20.107000",
"db": "NVD",
"id": "CVE-2023-44278"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell PowerProtect Data Domain Path Traversal Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46268"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…