CyberSecurityBoard
Sponsor Register Login

Dell PowerProtect Systems Vulnerability Let Remote Attackers to Execute Arbitrary Commands

The vulnerability allows for “execution of arbitrary commands with root privileges,” essentially giving attackers complete control over affected systems. According to the security advisory, this vulnerability affects multiple versions of Dell’s data protection infrastructure. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Dell has released remediation patches to address this high-severity issue that affects multiple product lines across their enterprise backup and recovery portfolio. The core issue is classified as an “Insufficient Granularity of Access Control vulnerability” that could enable “an authenticated user from a trusted remote client” to gain unauthorized elevation of privileges. Dell has been actively revising its advisory documentation, with six updates between April 2 and 4, 2025, to provide comprehensive remediation guidance for all affected products. The vulnerability has received a CVSS Base Score of 8.8 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating its potential for significant damage if exploited. Customers should consult Dell’s knowledge base articles and remediation documentation for detailed upgrade instructions and product-specific guidance. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. Dell has rapidly developed and released patched versions to address this vulnerability. This is not the first time Dell PowerProtect products have faced security challenges. The exploitability score of 2.8 and impact score of 5.9 further underscore the significant risk posed to organizations using unpatched versions. Similar upgrade requirements apply to the Disk Library for mainframe DLm8500 (Version 5.4.0.0 or later) and DLm8700 (Version 7.0.0.0 or later). He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications. Previous vulnerabilities in the PowerProtect ecosystem, such as CVE-2023-44277 and CVE-2024-22445, have also allowed for arbitrary command execution.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 07 Apr 2025 09:30:17 +0000


Cyber News related to Dell PowerProtect Systems Vulnerability Let Remote Attackers to Execute Arbitrary Commands

CVE-2018-1183 - In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to ...
7 years ago
Dell PowerProtect Systems Vulnerability Let Remote Attackers to Execute Arbitrary Commands - The vulnerability allows for “execution of arbitrary commands with root privileges,” essentially giving attackers complete control over affected systems. According to the security advisory, this vulnerability affects multiple versions of ...
2 months ago Cybersecuritynews.com CVE-2023-44277
Multiple Flaws in Dell PowerProtect Products Execute Commands - Multiple vulnerabilities have been discovered in Dell's PowerProtect, which were associated with SQL injection, cross-site scripting, privilege escalation, command injection, and path tracing. The severity for these vulnerabilities ranges between 4.3 ...
1 year ago Cybersecuritynews.com CVE-2023-44286 CVE-2023-44284 CVE-2023-48668 CVE-2023-44277 CVE-2023-48667 CVE-2023-44279 CVE-2023-44278 CVE-2023-44285
Dell Urges Customers to Patch Vulnerabilities in PowerProtect Products - Dell is urging customers of its PowerProtect products to review a newly released security advisory and patch a series of potentially serious vulnerabilities. The vulnerabilities impact PowerProtect Data Domain series appliances, which are designed to ...
1 year ago Packetstormsecurity.com CVE-2023-44286
The Embedded Systems and The Internet of Things - The Internet of Things is a quite new concept dealing with the devices being connected to each other and communicating through the web environment. This concept is gaining its popularity amongst the embedded systems that exist - let's say - 10 or ...
1 year ago Cyberdefensemagazine.com
IT and OT cybersecurity: A holistic approach - In comparison, OT refers to the specialized systems that control physical processes and industrial operations. OT Technologies include industrial control systems, SCADA systems and programmable logic controllers that directly control physical ...
1 year ago Securityintelligence.com
Dell says names, addresses leaked after hacker claims access to 49M records - Dell is warning customers that their names, physical addresses and some order information may have been accessed in a recent cybersecurity incident. A threat actor known as Menelik made a post on the cybercrime site BreachForums on April 28 claiming ...
1 year ago Packetstormsecurity.com
Creating a New Market for Post-Quantum Cryptography - A day in the busy life of any systems integrator includes many actions that revolve around the lifeblood of its business - its customers. Systems integrators help solve evolving customer business challenges, which in turn adds partner value. It's a ...
1 year ago Securityboulevard.com
CVE-2020-5356 - Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect ...
4 years ago
Dell Data Breach Exposes Personal Information Of 49 Million - Personal details such as names and residential addresses were compromised in the breach, while sensitive financial information remained secure. Dell, the renowned computer manufacturer, has issued a cautionary notice to its customers regarding a ...
1 year ago Cysecurity.news
Dell Alienware Command Center Vulnerability Let Attackers Escalate Privileges - According to Dell’s security advisory, “A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges” on the affected system. This indicates that while the ...
2 months ago Cybersecuritynews.com CVE-2024-22450
CVE-2018-1215 - An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC ...
7 years ago
CVE-2018-1216 - A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere ...
7 years ago
Multiple Dell Unity Vulnerabilities Let Attackers Compromise Affected System - Dell Technologies has released a critical security update addressing multiple severe vulnerabilities in its Unity enterprise storage systems that could allow attackers to execute arbitrary commands as root, delete critical system files, and perform ...
2 months ago Cybersecuritynews.com CVE-2024-49563
Cybersecurity In Critical Infrastructure: Protecting Power Grids and Smart Grids - Cyber Defense Magazine - Network Intrusion: Network communication systems of power and smart grids can be intruded through weak security configurations like default password, unsecured remote access, or unpatched systems and other vulnerabilities to gain control into the ...
8 months ago Cyberdefensemagazine.com
Dell warns of data breach, 49 million customers allegedly affected - Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers. The computer maker began emailing data breach notifications to customers yesterday, stating that a Dell portal ...
1 year ago Bleepingcomputer.com
Dell API Abused to Steal 49 Million Customer Records in Data Breach - The threat actor responsible for the recent Dell data breach stated that he scraped information from 49 million customer records via a partner portal API that he accessed as a phony organization. Dell had begun sending alerts to customers informing ...
1 year ago Cysecurity.news
Smart Home Security Essentials: Protecting What Matters Most - Smart home security systems provide homeowners with the ability to keep their personal and property safe from intruders, theft, and other potential threats. This article will discuss different types of smart home security systems, benefits, setting ...
1 year ago Securityzap.com Meow
Optimizing Cybersecurity: How Hackers Use Golang Source Code Interpreter to Evade Detection - Hackers have been upping the stakes when it comes to executing cyberattacks, and an increasingly popular tool in their arsenal is the Golang source code interpreter. Reportedly, the interpreter is used to obfuscate code, thus making it harder for ...
2 years ago Bleepingcomputer.com
Preparing for Q-Day as NIST nears approval of PQC standards - Q-Day-the day when a cryptographically relevant quantum computer can break most forms of modern encryption-is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few ...
11 months ago Helpnetsecurity.com
Preparing for Q-Day as NIST nears approval of PQC standards - Q-Day-the day when a cryptographically relevant quantum computer can break most forms of modern encryption-is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few ...
11 months ago Helpnetsecurity.com
Analysis of OT cyberattacks and malwares - Let's find the answer to all the questions by looking into some history of OT attacks and malware. We systematically categorize the attacks into direct and indirect vectors. Direct attacks are those that target OT systems through the exploitation of ...
1 year ago Securityboulevard.com
10 Best Systems Management Tools & Software - 2025 - Op5 Monitor is an advanced network monitoring solution designed for IT infrastructure management, ensuring high availability and performance across networks, servers, and applications. What is Good ?What Could Be Better?Most cost-effective, scalable, ...
3 months ago Cybersecuritynews.com
Critical Infrastructure At Risk: Vulnerabilities Discovered In Automatic Tank Gauging - Pedro Umbelino, Principal Research Scientist at Bitsight, says the vulnerabilities could allow malefactors to exploit ATG systems, leading to potentially catastrophic outcomes, including environmental hazards, economic disruption, and even physical ...
8 months ago Informationsecuritybuzz.com
20 Best Remote Monitoring Tools - 2025 - What is Good ?What Could Be Better ?Strong abilities to keep an eye on devices and systems.Some parts may take time to figure out.It gives you tools for remote control and troubleshooting.There could be more ways to change things.Lets you automate ...
2 months ago Cybersecuritynews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)