CVE-2023-48667
📋 TL;DR
This CVE describes an OS command injection vulnerability in Dell PowerProtect DD's administrator CLI. A remote attacker with high privileges can execute arbitrary operating system commands on the underlying OS, potentially leading to complete system compromise. Affected systems are Dell PowerProtect DD appliances running vulnerable software versions.
💻 Affected Systems
- Dell PowerProtect DD
📦 What is this software?
Powerprotect Data Domain Management Center by Dell
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover with full administrative control, data exfiltration, ransomware deployment, or destruction of backup infrastructure.
Likely Case
Privilege escalation leading to unauthorized access to sensitive backup data, configuration manipulation, or lateral movement within the network.
If Mitigated
Limited impact due to network segmentation, restricted administrative access, and proper monitoring detecting anomalous CLI activity.
🎯 Exploit Status
Exploitation requires administrative credentials but command injection vulnerabilities are typically straightforward to weaponize once discovered.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 or later
Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000220264/dsa-2023-412-dell-technologies-powerprotect-security-update-for-multiple-security-vulnerabilities
Restart Required: Yes
Instructions:
1. Download the appropriate firmware update from Dell Support.
2. Apply the update following Dell's PowerProtect DD firmware upgrade procedures.
3. Reboot the appliance as required by the update process.
🔧 Temporary Workarounds
Restrict Administrative Access
Limit CLI access to trusted administrative accounts only, and enforce strict network access controls on the administrative interface.
Network Segmentation
Isolate PowerProtect DD appliances in dedicated network segments, with strict firewall rules limiting inbound connections.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate PowerProtect DD from untrusted networks
- Enforce multi-factor authentication and least privilege access controls for all administrative accounts
🔍 How to Verify
Check if Vulnerable:
Check the DD OS version with the CLI 'version' command, or in the web interface under System > About.
Check Version:
version
Verify Fix Applied:
Verify the version is at or above the patched version for its release train: 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, or 6.2.1.110. Compare within the same train only; 7.7.5.25 is fixed even though it is numerically lower than 7.13.0.10.
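Added example (not Dell tooling) that performs the per-train comparison above: it maps each release train (major.minor) to the fixed version from this advisory, treats anything newer than the 7.13 train as covered by "7.13.0.10 or later", and reports trains the advisory does not list instead of guessing. The version-string parsing assumes a dotted numeric version appears in the 'version' output.

```python
"""Compare a Dell PowerProtect DD OS version against the fixed versions
listed for CVE-2023-48667 (DSA-2023-412). Illustrative code, not Dell's."""
import re
from typing import Optional, Tuple

# Fixed versions from the advisory, keyed by release train (assumed mapping:
# train = first two components of the version).
FIXED_BY_TRAIN = {
    (7, 13): (7, 13, 0, 10),
    (7, 10): (7, 10, 1, 15),   # LTS
    (7, 7): (7, 7, 5, 25),     # LTS
    (6, 2): (6, 2, 1, 110),
}
NEWEST_TRAIN = max(FIXED_BY_TRAIN)


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract the first dotted numeric version (3 or 4 components) from
    text such as '7.10.1.15' or a 'version' output line containing it.
    The surrounding output format is an assumption."""
    m = re.search(r"\b(\d+(?:\.\d+){2,3})\b", text)
    if not m:
        raise ValueError(f"no version string found in {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def assess(text: str) -> str:
    """Return 'fixed', 'vulnerable' or 'not-listed'.

    'not-listed' means the advisory names no fixed build for this train
    (e.g. 7.11 or 7.12), so the vendor advisory must be consulted rather
    than inferring safety from the version number alone."""
    v = parse_version(text)
    train = v[:2]
    if train > NEWEST_TRAIN:
        return "fixed"            # covered by "7.13.0.10 or later"
    fixed = FIXED_BY_TRAIN.get(train)
    if fixed is None:
        return "not-listed"
    v = v + (0,) * (4 - len(v))   # pad 7.13.0 -> 7.13.0.0 before comparing
    return "fixed" if v >= fixed else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs, one per outcome.
    for sample in ("7.13.0.10", "7.7.5.20", "7.12.0.0"):
        print(sample, "->", assess(sample))
```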
📡 Detection & Monitoring
Log Indicators:
- Unusual CLI command patterns
- Multiple failed authentication attempts followed by successful login
- Execution of unexpected system commands
Network Indicators:
- Unusual outbound connections from PowerProtect DD appliance
- Anomalous traffic patterns to/from administrative interfaces
SIEM Query (the shell metacharacter checks must be grouped so that the source and event type constraints apply to all of them):
source="PowerProtect-DD" AND event_type="cli_command" AND (command="*;*" OR command="*|*" OR command="*`*")