Article Number: 000207174
DSA-2022-302: Dell Technologies PowerProtect DD Security Update for Multiple Third-Party Security Vulnerabilities
Summary: Dell Technologies PowerProtect DD remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Article Content
Impact
Critical
Details
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-0778, CVE-2021-21131, CVE-2021-21136, CVE-2022-21166 | PowerProtect DD Appliance model: DD3300, DD6400, and DD6900, DD9400, and DD9900 | 7.0 to 7.9 | 7.10.0.0 and later or 7.7.4 and later to stay on LTS 7.7 |
For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles): Dell KB article 81247: Data Domain: DD OS Software Versions Dell KB article 14125: Data Domain Operating System Software Portal Availability Policy |
| LTS 7.7.1 to 7.7.3 | 7.7.4 and later | |||
| CVE-2021-0154, CVE-2021-0153, CVE-2021-33123, CVE-2021-0190, CVE-2021-33124, CVE-2021-0155, CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166 | PowerProtect DD Appliance model: DD6300, DD6800, and DD9300 |
7.0 to 7.9 | 7.10.0.0 and later or 7.7.4 and later to stay on LTS 7.7 |
|
| LTS 7.7.1 to 7.7.3 | 7.7.4 and later | |||
| CVE-2022-2068, CVE-2022-1292 | PowerProtect DD DDOS and DDMC |
7.0 to 7.9 | 7.10.0.0 and later or 7.7.4 and later to stay on LTS 7.7 |
|
| LTS 7.7.1 to 7.7.3 | 7.7.4 and later | |||
| PowerProtect DD Appliance model: DD2200 and DD2500 |
6.2.1.80 and below | 6.2.1.100 and above | ||
| Integrated DataProtect Appliance model: DP4400 | 2.7.2 and 2.7.3 | Available in next release | ||
| CVE-2022-2068, CVE-2022-1292, CVE-2018-25032, CVE-2022-23308, CVE-2022-27782, CVE-2022-27776, CVE-2019-14250 | PowerProtect DD SmartScale |
7.8 to 7.9 | 7.10.0.0 and later | |
| CVE-2021-29425 | PowerProtect DD DDOS and DDMC |
7.0 to 7.9 | 7.10.0.0 and later or 7.7.5 and later to stay on LTS 7.7 |
|
| LTS 7.7.1 to 7.7.4 | 7.7.5 and later | |||
| PowerProtect DD Appliance model: DD2200 and DD2500 |
6.2.1.80 and earlier | 6.2.1.100 and above | ||
| Integrated DataProtect Appliance model: DP4400 | 2.7.2 and 2.7.3 | Available in next release |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-0778, CVE-2021-21131, CVE-2021-21136, CVE-2022-21166 | PowerProtect DD Appliance model: DD3300, DD6400, and DD6900, DD9400, and DD9900 | 7.0 to 7.9 | 7.10.0.0 and later or 7.7.4 and later to stay on LTS 7.7 |
For more details about DDOS versions available for download, see the links below (requires log in to Dell Support to view articles): Dell KB article 81247: Data Domain: DD OS Software Versions Dell KB article 14125: Data Domain Operating System Software Portal Availability Policy |
| LTS 7.7.1 to 7.7.3 | 7.7.4 and later | |||
| CVE-2021-0154, CVE-2021-0153, CVE-2021-33123, CVE-2021-0190, CVE-2021-33124, CVE-2021-0155, CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166 | PowerProtect DD Appliance model: DD6300, DD6800, and DD9300 |
7.0 to 7.9 | 7.10.0.0 and later or 7.7.4 and later to stay on LTS 7.7 |
|
| LTS 7.7.1 to 7.7.3 | 7.7.4 and later | |||
| CVE-2022-2068, CVE-2022-1292 | PowerProtect DD DDOS and DDMC |
7.0 to 7.9 | 7.10.0.0 and later or 7.7.4 and later to stay on LTS 7.7 |
|
| LTS 7.7.1 to 7.7.3 | 7.7.4 and later | |||
| PowerProtect DD Appliance model: DD2200 and DD2500 |
6.2.1.80 and below | 6.2.1.100 and above | ||
| Integrated DataProtect Appliance model: DP4400 | 2.7.2 and 2.7.3 | Available in next release | ||
| CVE-2022-2068, CVE-2022-1292, CVE-2018-25032, CVE-2022-23308, CVE-2022-27782, CVE-2022-27776, CVE-2019-14250 | PowerProtect DD SmartScale |
7.8 to 7.9 | 7.10.0.0 and later | |
| CVE-2021-29425 | PowerProtect DD DDOS and DDMC |
7.0 to 7.9 | 7.10.0.0 and later or 7.7.5 and later to stay on LTS 7.7 |
|
| LTS 7.7.1 to 7.7.4 | 7.7.5 and later | |||
| PowerProtect DD Appliance model: DD2200 and DD2500 |
6.2.1.80 and earlier | 6.2.1.100 and above | ||
| Integrated DataProtect Appliance model: DP4400 | 2.7.2 and 2.7.3 | Available in next release |
Revision History
| Revision | Date | Description |
| 1.0 | 2023-01-04 | Initial Release |
| 1.1 | 2023-06-14 | Updated Affected Products and Remediation for PowerProtect DD DDOS and DDMC , changed Next 7.7 release after 7.7.4 to stay on LTS to 7.7.5 and later to stay on LTS 7.7 and changed Available in next release to 7.7.5 and later. |
| 1.2 | 2023-08-08 | Updated Affected Products and Remediation for Affected version 6.2.1.80 and below. Added updated version. |
Related Information
Legal Information
Article Properties
Affected Product
Data Domain, PowerProtect Data Protection Appliance, Data Domain, Data Domain Boost, Data Domain Boost – File System, Data Domain Boost - Open Storage, Data Domain Deduplication Storage Systems, Data Domain Encryption, Data Domain Extended Retention
, Data Domain GDA, Data Domain NDMP Tape Server, Data Domain Replicator, Data Domain Retention Lock, Data Domain Storage Migration, Data Domain Virtual Tape Library, Data Domain Virtual Tape Library for IBM I/OS, Data Domain Virtual Edition, PowerProtect Data Domain Management Center, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, Product Security Information, Storage Direct for Data Domain
...
Last Published Date
08 Aug 2023
Version
6
Article Type
Dell Security Advisory