
DSA-2024-330: Security Update for Dell PowerProtect DD OpenSSH Vulnerability

Summary: Dell PowerProtect DD mitigation is available for an OpenSSH vulnerability that malicious users may exploit to compromise the affected system.


Impact

High

Additional Details

The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Details

| Third-party Component | CVEs | More Information |
| --- | --- | --- |
| OpenSSH | CVE-2024-6387 | https://nvd.nist.gov/vuln/detail/CVE-2024-6387, DSA-2024-342 Security Update for Dell iDRAC9 OpenSSH Vulnerability |
| Dell iDRAC9 | CVE-2023-48795, CVE-2024-38433, CVE-2023-29499, CVE-2024-25943 | DSA-2024-099 Dell iDRAC9 Security Update, DSA-2024-223 Dell iDRAC9 Security Update, DSA-2024-021 Dell iDRAC9 Security Update, DSA-2024-286 Dell iDRAC9 Security Update |

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

| Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| --- | --- | --- | --- | --- |
| DD OS 8.1 | Dell PowerProtect DD series appliances, Dell PowerProtect DD Virtual Edition, Dell APEX Protection Storage, Dell PowerProtect DD Management Center, Dell PowerProtect DD Management Center with SmartScale feature, Data Domain Operating System (DD OS), Dell PowerProtect DD appliance models: DD3300, DD6400, DD6900, DD9400, DD9900 | Versions 7.7.1 through 8.1.0.0 | Version 8.1.0.10 or later | Support for DD OS - Drivers & Downloads (Dell Support login required) |
| DD OS 8.1 | Dell PowerProtect DD appliance models: DD9410, DD9910 | Versions 8.0.0.0 through 8.1.0.0 | Version 8.1.0.10 or later | Support for DD OS - Drivers & Downloads (Dell Support login required) |
| DD OS 7.13 | Dell PowerProtect DD series appliances, Dell PowerProtect DD Virtual Edition, Dell APEX Protection Storage, Dell PowerProtect DD Management Center, Dell PowerProtect DD Management Center with SmartScale feature, Dell PowerProtect DD appliance models: DD3300, DD6400, DD6900, DD9400, and DD9900, Data Domain Operating System (DD OS) LTS2024 7.13.1 | Versions prior to 7.13.1.05 | Version 7.13.1.05 or later | Support for DD OS - Drivers & Downloads (Dell Support login required) |
| DD OS 7.10 | Dell PowerProtect DD series appliances, Dell PowerProtect DD Virtual Edition, Dell APEX Protection Storage, Dell PowerProtect DD Management Center, Dell PowerProtect DD Management Center with SmartScale feature, Dell PowerProtect DD appliance models: DD3300, DD6400, DD6900, DD9400, and DD9900, Data Domain Operating System (DD OS) LTS2023 7.10.1 | Versions prior to 7.10.1.40 | Version 7.10.1.40 or later | Support for DD OS - Drivers & Downloads (Dell Support login required) |
| DD OS 7.7 | Dell PowerProtect DD series appliances, Dell PowerProtect DD Virtual Edition, Dell APEX Protection Storage, Dell PowerProtect DD Management Center, Dell PowerProtect DD appliance models: DD3300, DD6400, DD6900, DD9400, and DD9900, Data Domain Operating System (DD OS) LTS2022 7.7.5 | Versions prior to 7.7.5.50 | Version 7.7.5.50 or later | Support for DD OS - Drivers & Downloads (Dell Support login required) |


Workarounds & Mitigations

CVE ID: CVE-2024-6387

Workaround and Mitigation:
  1. DDOS and DDMC: Limit SSH connections to Data Domain systems to trusted client hosts to reduce risk exposure. If SSH clients use dynamic IP addresses, customers can configure a single allowed static IP as a jump host, and all SSH clients then log in to this jump host to reach the DD system.
  2. iDRAC: See DSA-2024-342

Revision History

| Revision | Date | Description |
| --- | --- | --- |
| 1.0 | 2024-10-01 | Initial Release |
| 2.0 | 2024-10-03 | Updated for enhanced presentation with no changes to content |
| 3.0 | 2024-10-11 | Updated DSA to include CVE-2023-48795, CVE-2024-38433, CVE-2023-29499, CVE-2024-25943. |
| 4.0 | 2024-10-14 | Updated for enhanced presentation with no changes to content |

Related Information

Affected Products

Data Domain, PowerProtect Data Protection Appliance, DD OS, DD OS 7.10, DD OS 7.13, DD OS 7.7, DD OS 8.0, DD OS Licensed Features, Integrated Data Protection Appliance Family
Article Properties
Article Number: 000227030
Article Type: Dell Security Advisory
Last Modified: 16 Oct 2024