DSA-2022-187: Dell Technologies PowerProtect Data Domain Security Update for Multiple Third-Party Component Vulnerabilities
Summary: Dell Technologies PowerProtect Data Domain remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Impact
Critical
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2023-23692 | Dell before DDOS 7.9 has a vulnerability that may potentially allow escalation of privileges by authenticated user of lower privilege. This can lead to unauthorized privileged access into the system. | 8.8 | CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

| Third-party Component | CVEs | More information |
| iDRAC9 | CVE-2022-24422 | See Dell KB article 199267: DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability |
| Intel BIOS | CVE-2021-0060, CVE-2021-0147, CVE-2021-0127, CVE-2021-0103, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0099, CVE-2021-0111, CVE-2021-0107, CVE-2021-0125, CVE-2021-0124, CVE-2021-0119, CVE-2021-0092, CVE-2021-0091, CVE-2021-0093 | See Dell article 196007: DSA-2022-036: PowerEdge Server Security Update for Intel February 2022 Security Advisory Release |
| Intel BIOS | CVE-2019-14584, CVE-2021-28210, CVE-2021-28211 | See Dell article 198065: DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities |
| OpenSSL | CVE-2022-0778 | https://nvd.nist.gov/vuln/detail/CVE-2022-0778 |
| OpenSSH | CVE-2021-41617, CVE-2020-14145, CVE-2016-20012 | https://nvd.nist.gov/vuln/detail/CVE-2021-41617 https://nvd.nist.gov/vuln/detail/CVE-2020-14145 https://nvd.nist.gov/vuln/detail/CVE-2016-20012 |
Affected Products & Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-24422, CVE-2021-0060, CVE-2021-0147, CVE-2021-0127, CVE-2021-0103, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0099, CVE-2021-0111, CVE-2021-0107, CVE-2021-0125, CVE-2021-0124, CVE-2021-0119, CVE-2021-0092, CVE-2021-0091, CVE-2021-0093, CVE-2019-14584, CVE-2021-28210, CVE-2021-28211 | PowerProtect DD Appliance model: DD3300, DD6400, and DD6900, DD9400, and DD9900 | 7.0 to 7.8 | 7.9.0.0 and later, or 7.7.2 and later to stay on LTS 7.7 | For more details about DDOS versions available for download, see the links to Dell articles below (requires log in to Dell Support to view articles): |
| CVE-2022-0778 | PowerProtect DD DDOS and DDMC | 7.0 to 7.8 | 7.9.0.0 and later, or 7.7.3 and later to stay on LTS | |
| CVE-2021-41617 | | | | |
| CVE-2020-14145 | | LTS 7.7.1 to 7.7.2 | 7.7.3 and later | |
| CVE-2016-20012 | | 6.2.1.80 and earlier | 6.2.1.90 and later | |
| CVE-2023-23692 | | | | |
Revision History
| Revision | Date | Description |
| 1.0 | 2022-07-07 | Initial Release |
| 1.1 | 2022-07-12 | Edited versions in Affected Products and Remediation Table Affected Version Column |
| 1.2 | 2022-08-31 | Added "7.7.3 and above" to Affected Products and Remediation Table |
| 1.3 | 2022-01-12 | Added CVE-2023-23692 to Proprietary Code Table. |
Affected Products
Data Domain, Data Domain, Data Domain Boost, Data Domain Boost – File System, Data Domain Boost - Open Storage, Data Domain Deduplication Storage Systems, Data Domain Encryption, Data Domain Extended Retention, Data Domain GDA, Data Domain NDMP Tape Server, Data Domain Replicator, Data Domain Retention Lock, Data Domain Storage Migration, Data Domain Virtual Tape Library, Data Domain Virtual Tape Library for IBM I/OS, Data Domain Virtual Edition, PowerProtect Data Domain Management Center, Product Security Information, Storage Direct for Data Domain
...
Article Properties
Article Number: 000201296
Article Type: Dell Security Advisory
Last Modified: 19 Sep 2025