Multiple vulnerabilities have been discovered in Dell's PowerProtect, which were associated with SQL injection, cross-site scripting, privilege escalation, command injection, and path tracing.
The severity for these vulnerabilities ranges between 4.3 and 8.8.
Relevant CVEs have been assigned to all these vulnerabilities, with CVE-2023-44286 associated with Cross-Site Scripting having the highest severity and CVE-2023-44284 with the lowest severity among the discovered vulnerabilities in Dell PowerProtect.
Nearly 8 vulnerabilities have been disclosed, including 4 OS command injections, 1 Path Traversal, 1 SQL injection, 1 Cross-site scripting, and 1 Privilege Escalation.
CVE-2023-48668, CVE-2023-44277, CVE-2023-48667, and CVE-2023-44279 were related to OS command injection vulnerability which can be exploited by a threat actor to potentially execute arbitrary OS commands or bypass security restrictions.
A threat actor could also potentially exploit some of these vulnerabilities and perform various activities such as taking over the system, executing OS commands with vulnerable application privileges, and many others.
CVE-2023-44278 is related to the Path Traversal vulnerability, which threat actors can exploit to gain unauthorized read and write access to the OS files stored on the server filesystem.
The severity for this vulnerability is given as 6.7.
CVE-2023-44284 is related to SQL injection vulnerability, which a threat actor could exploit to execute SQL commands on the application's backend database, resulting in unauthorized read access to the application data.
The severity for this vulnerability has been given as 4.3.
CVE-2023-44286 is related to cross-site scripting vulnerability, which the threat actor can potentially exploit to execute Javascript code in a victim user's DOM environment of the browser.
Successful exploitation could lead to information disclosure, session theft, or client-side request forgery.
The severity of this vulnerability has been given as 8.8.
CVE-2023-44285 is linked with a Privilege Escalation vulnerability, which a threat actor can exploit with low privilege to escalate their privilege due to improper access control.
The severity for this vulnerability has been given as 7.8.
10.1.15 and above to stay on LTS2023 7.10or7.
7.5.25 and above to stay on LTS2022 7.7 6.2.1.100 and below 6.2.1.110 and above CVE-2023-44286, CVE-2023-48668, CVE-2023-44285, CVE-2023-44277, CVE-2023-48667, CVE-2023-44279, CVE-2023-44278 Dell PowerProtect DD management Center 7.0 to 7.12.0.0 7.13.0.10 and aboveor7.
7.5.25 and above to stay on LTS2022 7.7 6.2.1.100 and below 6.2.1.110 and above.
The security advisory published by Dell provides detailed information about these vulnerabilities, their CVSS vector and other information.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 15 Dec 2023 11:45:04 +0000