
Article Number: 000201296


DSA-2022-187: Dell Technologies PowerProtect Data Domain Security Update for Multiple Third-Party Component Vulnerabilities

Summary: Dell Technologies PowerProtect Data Domain remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-23692 | Dell before DDOS 7.9 has a vulnerability that may potentially allow escalation of privileges by authenticated user of lower privilege. This can lead to unauthorized privileged access into the system. | 8.8 | CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

| Third-party Component | CVEs | More information |
|---|---|---|
| iDRAC9 | CVE-2022-24422 | See Dell KB article 199267: DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability |
| Intel BIOS | CVE-2021-0060, CVE-2021-0147, CVE-2021-0127, CVE-2021-0103, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0099, CVE-2021-0111, CVE-2021-0107, CVE-2021-0125, CVE-2021-0124, CVE-2021-0119, CVE-2021-0092, CVE-2021-0091, CVE-2021-0093 | See Dell article 196007: DSA-2022-036: PowerEdge Server Security Update for Intel February 2022 Security Advisory Release |
| | CVE-2019-14584, CVE-2021-28210, CVE-2021-28211 | See Dell article 198065: DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities |
| OpenSSL | CVE-2022-0778 | https://nvd.nist.gov/vuln/detail/CVE-2022-0778 |
| OpenSSH | CVE-2021-41617 | https://nvd.nist.gov/vuln/detail/CVE-2021-41617 |
| | CVE-2020-14145 | https://nvd.nist.gov/vuln/detail/CVE-2020-14145 |
| | CVE-2016-20012 | https://nvd.nist.gov/vuln/detail/CVE-2016-20012 |

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
|---|---|---|---|---|
| CVE-2022-24422, CVE-2021-0060, CVE-2021-0147, CVE-2021-0127, CVE-2021-0103, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0099, CVE-2021-0111, CVE-2021-0107, CVE-2021-0125, CVE-2021-0124, CVE-2021-0119, CVE-2021-0092, CVE-2021-0091, CVE-2021-0093, CVE-2019-14584, CVE-2021-28210, CVE-2021-28211 | PowerProtect DD Appliance model: DD3300, DD6400, and DD6900, DD9400, and DD9900 | 7.0 to 7.8 | 7.9.0.0 and later. Or 7.7.2 and later to stay on LTS 7.7 | For more details about DDOS versions available for download, see the links to Dell articles below (requires log in to Dell Support to view articles): |
| CVE-2022-0778 | PowerProtect DD DDOS and DDMC | 7.0 to 7.8 | 7.9.0.0 and later. Or 7.7.3 and later to stay on LTS | |
| CVE-2021-41617 | | | | |
| CVE-2020-14145 | | LTS 7.7.1 to 7.7.2 | 7.7.3 and later | |
| CVE-2016-20012 | | 6.2.1.80 and earlier | 6.2.1.90 and later | |
| CVE-2023-23692 | | | | |

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2022-07-07 | Initial Release |
| 1.1 | 2022-07-12 | Edited versions in Affected Products and Remediation Table Affected Version Column |
| 1.2 | 2022-08-31 | Added "7.7.3 and above" to Affected Products and Remediation Table |
| 1.3 | 2022-01-12 | Added CVE-2023-23692 to Proprietary Code Table. |



Article Properties


Affected Product
Data Domain, Data Domain, Data Domain Boost, Data Domain Boost – File System, Data Domain Boost - Open Storage, Data Domain Deduplication Storage Systems, Data Domain Encryption, Data Domain Extended Retention, Data Domain GDA, Data Domain NDMP Tape Server, Data Domain Replicator, Data Domain Retention Lock, Data Domain Storage Migration, Data Domain Virtual Tape Library, Data Domain Virtual Tape Library for IBM I/OS, Data Domain Virtual Edition, PowerProtect Data Domain Management Center, Product Security Information, Storage Direct for Data Domain ...
Last Published Date

20 Jun 2023

Version

9

Article Type

Dell Security Advisory