DSA-2022-187: Dell Technologies PowerProtect Data Domain Security Update for Multiple Third-Party Component Vulnerabilities
Summary: Dell Technologies PowerProtect Data Domain remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Impact
Critical
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2023-23692 | Dell before DDOS 7.9 has a vulnerability that may potentially allow escalation of privileges by authenticated user of lower privilege. This can lead to unauthorized privileged access into the system. | 8.8 | CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

| Third-party Component | CVEs | More information |
| iDRAC9 | CVE-2022-24422 | See Dell KB article 199267: DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability |
| Intel BIOS | CVE-2021-0060, CVE-2021-0147, CVE-2021-0127, CVE-2021-0103, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0099, CVE-2021-0111, CVE-2021-0107, CVE-2021-0125, CVE-2021-0124, CVE-2021-0119, CVE-2021-0092, CVE-2021-0091, CVE-2021-0093 | See Dell article 196007: DSA-2022-036: PowerEdge Server Security Update for Intel February 2022 Security Advisory Release |
| Intel BIOS | CVE-2019-14584, CVE-2021-28210, CVE-2021-28211 | See Dell article 198065: DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities |
| OpenSSL | CVE-2022-0778 | https://nvd.nist.gov/vuln/detail/CVE-2022-0778 |
| OpenSSH | CVE-2021-41617, CVE-2020-14145, CVE-2016-20012 | https://nvd.nist.gov/vuln/detail/CVE-2021-41617 https://nvd.nist.gov/vuln/detail/CVE-2020-14145 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 |
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-24422, CVE-2021-0060, CVE-2021-0147, CVE-2021-0127, CVE-2021-0103, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0099, CVE-2021-0111, CVE-2021-0107, CVE-2021-0125, CVE-2021-0124, CVE-2021-0119, CVE-2021-0092, CVE-2021-0091, CVE-2021-0093, CVE-2019-14584, CVE-2021-28210, CVE-2021-28211 | PowerProtect DD Appliance model: DD3300, DD6400, and DD6900, DD9400, and DD9900 | 7.0 to 7.8 | 7.9.0.0 and later, or 7.7.2 and later to stay on LTS 7.7 | For more details about DDOS versions available for download, see the links to Dell articles below (requires log in to Dell Support to view articles): |
| CVE-2022-0778 | PowerProtect DD DDOS and DDMC | 7.0 to 7.8 | 7.9.0.0 and later, or 7.7.3 and later to stay on LTS | |
| CVE-2021-41617 | | | | |
| CVE-2020-14145 | | LTS 7.7.1 to 7.7.2 | 7.7.3 and later | |
| CVE-2016-20012 | | 6.2.1.80 and earlier | 6.2.1.90 and later | |
| CVE-2023-23692 | | | | |
Revision History
| Revision | Date | Description |
| 1.0 | 2022-07-07 | Initial Release |
| 1.1 | 2022-07-12 | Edited versions in Affected Products and Remediation Table Affected Version Column |
| 1.2 | 2022-08-31 | Added "7.7.3 and above" to Affected Products and Remediation Table |
| 1.3 | 2022-01-12 | Added CVE-2023-23692 to Proprietary Code Table. |
Affected Products
Data Domain, Data Domain, Data Domain Boost, Data Domain Boost – File System, Data Domain Boost - Open Storage, Data Domain Deduplication Storage Systems, Data Domain Encryption, Data Domain Extended Retention, Data Domain GDA, Data Domain NDMP Tape Server, Data Domain Replicator, Data Domain Retention Lock, Data Domain Storage Migration, Data Domain Virtual Tape Library, Data Domain Virtual Tape Library for IBM I/OS, Data Domain Virtual Edition, PowerProtect Data Domain Management Center, Product Security Information, Storage Direct for Data Domain
...
Article Properties
Article Number: 000201296
Article Type: Dell Security Advisory
Last Modified: 19 Sep 2025