Multiple vulnerabilities have been identified in Dell’s PowerProtect, encompassing SQL injection, cross-site scripting (XSS), privilege escalation, OS command injection, and path traversal. The severity of these vulnerabilities ranges from 4.3 (Medium) to 8.8 (High).

Each vulnerability has been assigned its own CVE identifier. Among them, CVE-2023-44286, the cross-site scripting flaw, carries the highest severity (8.8), and CVE-2023-44284 carries the lowest (4.3).

A total of 8 vulnerabilities have been disclosed: 4 OS command injections, 1 SQL injection, 1 path traversal, 1 cross-site scripting (XSS), and 1 privilege escalation. They affect Dell PowerProtect DD versions prior to 7.13.0.10, LTS 7.7.5.5, LTS 7.10.1.15, and 6.2.1.1110.

CVE-2023-48668 (8.8), CVE-2023-44277 (7.8), CVE-2023-48667 (7.2), and CVE-2023-44279 (6.7) are OS command injection vulnerabilities that threat actors could exploit to execute arbitrary OS commands or bypass security restrictions.

A threat actor may exploit these vulnerabilities to take over the system or to execute OS commands with the privileges of the vulnerable application.
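OS command injection of the class described above arises when untrusted input is interpolated into a string that a shell then parses. The following is an added, generic illustration of the defensive pattern, not Dell’s code and not related to the specific flaws in the advisory; the hostname allowlist, the `ping` command and the sample inputs are constructed for the example.

```python
import re
import subprocess

# Constructed allowlist: a hostname or IPv4 literal may only contain these
# characters and must start and end with an alphanumeric character. Shell
# metacharacters such as ';', '|', '&', '$', '(' and whitespace never match.
_HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")


def is_valid_host(value: str) -> bool:
    """Return True only for a syntactically plausible hostname or IPv4 address."""
    return _HOST_RE.fullmatch(value) is not None


def build_ping_argv(user_host: str) -> list[str]:
    """Build the argv for a reachability check with the user value as ONE argument.

    The vulnerable pattern this replaces is string interpolation into a shell:
        subprocess.run(f"ping -c 1 {user_host}", shell=True)
    where ';', '|' or '$(...)' inside user_host are interpreted by the shell.
    Here the value is validated first and then passed as a discrete argv element.
    """
    if not is_valid_host(user_host):
        raise ValueError(f"rejected host value: {user_host!r}")
    return ["ping", "-c", "1", user_host]


def run_ping(user_host: str) -> int:
    """Run the check without a shell (shell=False is the default) and return the exit code."""
    # The list is handed straight to execve(); no shell ever parses it.
    return subprocess.run(build_ping_argv(user_host), check=False).returncode


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate, two carrying shell metacharacters.
    for sample in ("backup01.example.com", "10.0.0.5; id", "$(id)"):
        print(f"{sample!r}: valid={is_valid_host(sample)}")
```

Two layers are in play: the allowlist rejects input that has no business in a hostname field, and passing an argv list with `shell=False` means that even a value slipping past validation is delivered to the program as a single argument rather than parsed by `/bin/sh`.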

CVE-2023-44278 is a path traversal vulnerability with a severity rating of 6.7 (Medium), allowing threat actors to gain unauthorized read and write access to OS files on the server filesystem.
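Path traversal of this kind is defended against by resolving the user-supplied path against a fixed base directory and refusing anything that lands outside it. The following is an added example of that confinement check; it is not Dell’s code and does not reflect the advisory’s specific flaw. The base directory `/srv/pp-exports` and the sample paths are constructed placeholders.

```python
from pathlib import Path


def resolve_under_root(root: str, user_path: str) -> Path:
    """Resolve user_path relative to root and refuse anything that escapes it.

    resolve() collapses '..' segments and follows symlinks, so the comparison
    is made on the real filesystem location, not on the raw string. An
    absolute user_path replaces the root when joined, which is also caught.
    """
    base = Path(root).resolve()
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)  # raises ValueError when candidate is not under base
    except ValueError:
        raise PermissionError(f"path escapes {base}: {user_path!r}") from None
    return candidate


def is_confined(root: str, user_path: str) -> bool:
    """Boolean form of the same check, convenient for request validation."""
    try:
        resolve_under_root(root, user_path)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    # Constructed examples: one legitimate relative path, three escape attempts.
    root = "/srv/pp-exports"
    for p in ("reports/2023/q4.csv", "../../etc/passwd", "/etc/passwd", "reports/../../x"):
        print(f"{p!r}: confined={is_confined(root, p)}")
```

Note that a plain string check such as `startswith("/srv/pp-exports")` is not equivalent: it would accept `/srv/pp-exports-old/secret` and miss symlinked escapes, which is why the comparison is done on resolved `Path` objects.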

CVE-2023-44284 is an SQL injection vulnerability, potentially enabling threat actors to execute SQL commands against the application’s backend database and gain unauthorized read access to application data. The severity for this vulnerability is rated at 4.3 (Low).
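The standard mitigation for SQL injection is to bind user input as a query parameter rather than splicing it into the statement text. The following added example contrasts the two in an in-memory SQLite database; it is illustrative code written for this page, not Dell’s, and the `backup_jobs` table, its rows and the sample inputs are all constructed.

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """Create a constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE backup_jobs (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO backup_jobs (name, owner) VALUES (?, ?)",
        [("nightly-db", "alice"), ("weekly-fs", "bob"), ("archive", "alice")],
    )
    return conn


def jobs_for_owner_unsafe(conn: sqlite3.Connection, owner: str) -> list[str]:
    """Vulnerable pattern: the value becomes part of the SQL text and can alter its logic."""
    sql = f"SELECT name FROM backup_jobs WHERE owner = '{owner}'"
    return [row[0] for row in conn.execute(sql)]


def jobs_for_owner(conn: sqlite3.Connection, owner: str) -> list[str]:
    """Hardened: owner is bound as a parameter, so quotes inside it are data, not syntax."""
    rows = conn.execute("SELECT name FROM backup_jobs WHERE owner = ?", (owner,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_demo_db()
    tautology = "' OR '1'='1"  # constructed input that breaks out of the quoted literal
    print("unsafe:", jobs_for_owner_unsafe(db, tautology))  # every row leaks
    print("bound: ", jobs_for_owner(db, tautology))         # no owner has that literal name
```

The parameterised version returns nothing for the tautology input because the database compares the `owner` column against the literal string, including its quote characters, instead of re-parsing it as SQL.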

CVE-2023-44286 is a cross-site scripting vulnerability that threat actors could exploit to execute JavaScript code in a victim user’s DOM environment, leading to information disclosure, session theft, or client-side request forgery. The severity of this vulnerability is 8.8 (High).

CVE-2023-44285 is a privilege escalation vulnerability that threat actors with low privileges could exploit to escalate their access, owing to improper access control. The severity for this vulnerability is 7.8 (High).

Dell’s security advisory offers comprehensive information about these vulnerabilities, including their CVSS vector and other pertinent details.
